Sequel Injection... sorry the pun was uncalled for.

Trinity is in Amsterdam, listening to a new Bhangra album by DJ Jazzy B. Its late, very late, and Trinity grows restless. Too much time has passed since the last good hack against the Matrix.

She jacks in. Electrons pulse to the beat, as she navigates the web looking for a likely candidate to help the revolution. Where shall the search begin.

The New World has plenty of talented hackers, especially one that has risen through the ranks that goes by the hacker handle Neo. Thomas Anderson is his real name. Now, where to find him....

There are only three things sure in this world, death, taxes, and Trinity's ability to hack databases.

Let the games begin.

She types at her console:

irsfile.asp?username='test';+exec+master..xp_cmdshell+'ping+209.171.43.28';-
-

Back at IRS Headquarters, the lead agent begins his analysis:

This first user input is the attacker, abusing SQL injection to use a stored procedure call to execute the command ping 209.171.43.28.

This gives us a first clue as to where the attacker is hiding out. The IP address belongs to an ISP in the Netherlands, an infamous hangout for members of the underground.

Trinity now knows that she can manipulate the database at will. She types:

irsfile.asp?username='test'+UNION+SELECT+name,1,'1',1,'1'+FROM+irs_dbase..sysobjects+WHERE+xtype+=+'U';--

This second line of user input, shows the hacker accessing the IRS D-base's User table.

The third and final command,

irsfile.asp?username='Trinity'+UNION+SELECT+phone_number+FROM+irs_dbase..account+WHERE+taxpayer_lastname+=+'Anderson';--

brings her the results she was looking for, the phone number for all the taxpayers whose last name is Anderson. Now its only a matter of time before Trinity finds the crucial member of the resistance.