
OneNight
This link is about the password hashes in an SQL database, and how to go about cracking them:
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

This link is a nice white paper on SQL injection with nice illustrations. Plenty has been written about it, but I hadn't come across this paper yet. Maybe something new for you guys too:
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf

Enjoy.
macman
Here are another 2 that I found quite helpful as well! I'd seen the second one you posted before, it's good!

http://www.imperva.com/application_defense..._injection.html

http://www.appsecinc.com/presentations/Man...L_Injection.pdf
migo
Thanks for sharing.
Killaloop
Regarding the SQL password hashes:
I have been wondering why this hasn't been talked about before. Not on this board, and it's also hardly possible to find a discussion of this topic anywhere.
I actually studied a little on this topic. Cracking the hashes is pretty easy.
Also, there are some things in the papers which make less sense to me.
In the papers they say you have to get the upper/lowercase combination, but in fact MSSQL isn't case-sensitive on password input, so that is easily done.

Also, cracking the SQL hashes only helps you collect information about what passwords they may or may not use, just for social engineering needs, because you would already need SA login to the database to view the hashes, or at least administrator login to the machine where the server is running.
Fernando093
Excellent job mate, thanks a lot for sharing the info.
