Ethical Hacker Community Forums

 Introducing SQL injection
 Exploiting Web Applications
 SQL Injection  Steps
    o What Should You Look For?
    o What If It Doesn’t Take Input?
    o OLE DB Errors
    o Input Validation Attack
 SQL Injection Techniques
 How to Test for SQL Injection Vulnerability?
 How does it Work?
 Executing Operating System Commands
 Getting Output of SQL Query
 Getting Data from the Database Using ODBC Error Message
 How to Mine all Column Names of a Table?
 How to Retrieve any Data?
 How to Update/Insert Data into Database?
 Automated SQL Injection Tool
    o AutoMagic SQL
    o Absinthe
 SQL Injection in Oracle
 SQL Injection in MySql Database
 Attack against SQL Servers
 SQL Server Resolution Service (SSRS)
 Osql L- Probing
 SQL Injection Automated Tools
    o SQLDict
    o SqlExec
    o SQLbf
    o SQLSmack
    o SQL2.exe
 SQL Injection Countermeasures
 Preventing SQL Injection Attacks
 SQL Injection Blocking Tool: SQLBlock
 Acunetix Web Vulnerability Scanner

Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

Don

on this note...

does anyone have any guides for setting up a server that is VULNERABLE to SQL injection.  I would like to set up a MySQL and MSSQL boxe(s) that are  vuln to different SQL. 

i figure someone has already done this at some point...

When teaching CEH, I use Windows 2000 Server Professional unpatched on VMWare. This will provide you a nice MSSQL platform to hack. If you have the CEHv4 materials, you should also have the databases to setup JuggyBank, a lab used in SQL Injection.

MYSQL, I'm afraid you are on your own.

Hope this helps.

that does help, thanks!

SQL injection is performed through badly written scripts which allow you to enter SQL commands into its queries (i.e. they don't sanitise inputs). So you'll probably be safe with default setups of mssql and mysql.