Ravens PHP Scripts: Security




SQL Injection Attacks by Example

Posted on Saturday, December 05, 2015 @ 05:27:22 CST in Security
by kguske

southern writes:  

"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

more: UnixWiz

 

 

The Exploit Database

Posted on Friday, October 24, 2014 @ 13:10:55 CDT in Security
by Raven

southern writes:  

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Exploit Database

 

 

htaccess codes

Posted on Saturday, September 07, 2013 @ 23:03:35 CDT in Security
by Raven

southern writes:  
I do a lot of experimenting with htaccess, revising existing rules, updating blacklists, trying new techniques, and so forth. The result of all this fiddling is basically a ton of htaccess code scraps that work great, but for whatever reason are no longer needed, have been replaced, or whatever.

These snippets function independently, with each block of code functioning independently of the others. I definitely do not recommend copy/pasting blocks of code en masse, rather each should be applied and tested thoroughly before adding more snippets. That said, these htaccess code snippets are organized into several sections: performance, canonicalization, security, and miscellaneous.

more Perishable Press
 

 

Preventing MySQL Injection

Posted on Friday, September 21, 2012 @ 20:34:59 CDT in Security
by Admin

Southern writes:  
In this tutorial I am going to explain what MySQL injection is and how important it is to prevent this attack on your database(s). It is vital that all security measures are in place before you make your website live because the effects can be devastating, especially if you store sensitive data.

Good PhP Tutorials
 

 

Microsoft Internet Explorer Multiple Vulnerabilities

Posted on Tuesday, August 14, 2012 @ 20:22:08 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA50237

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50237/

RELEASE DATE: 2012-08-14

CRITICALITY: Highly Critical

DESCRIPTION: Four vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
 

 

Google Chrome Multiple Vulnerabilities

Posted on Thursday, August 02, 2012 @ 17:28:31 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA50105

CRITICALITY: Highly Critical

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50105/

RELEASE DATE: 2012-08-01

DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
 


