sql injection

just been going over some sql exploits did not think these are still easy to access... sample started at 7pm finished at 9.30

results are as follows 14 places accessed out of 23

see samples below on the first site ..just for proof i uploaded my avatar logo
slap in the middle.

no damage done to any site apart from uploading my image

exploit:

hint wink.gif

using any name for a user i then injected the code in the password field

here are some samples

http://www.xxxxxxx.org.uk

proof my image in the middle link

http://www.xxxxxx.org.uk/Local_History_Pag...ages/Photos.asp

(**edited** image link, avatar has been removed)

a few others were ...nothing touched just explored

http://www.xxxxxxxxxx.com
http://www.xxxxxxxx.com
http://www.xxxxxxxxx.com

exploit not provided... tongue.gif

edited:sites patched