Full Version: Uncommon Sql Injection
tayloradam
Here is a very helpful tutorial on SQL Injection by N3T D3VIL of Root@Shell Security Group.

http://milw0rm.com/papers/174
loaferz
QUOTE(tayloradam @ Sep 9 2007, 06:28 AM) *
Here is a very helpful tutorial on SQL Injection by N3T D3VIL of Root@Shell Security Group.

http://milw0rm.com/papers/174


thanks, nice tutorial for beginners on how sql works and how injections actually behave.

nice to see some actual education instead of just tutorials for skiddies.
antivirus
Nice tut brother
Alcatraz
Anyone know a way for me to test this legally (other than creating my own site)?
I'd appreciate any help

--
Alcatraz
netcomm
QUOTE (Alcatraz @ Jan 20 2008, 03:10 PM) *
Anyone know a way for me to test this legally (other than creating my own site)?
I'd appreciate any help

--
Alcatraz



intitle:/admin/login.asp + google. Not so legit, but I'm sure you could do some testing and alert some admins if they happen to be vulnerable, now couldn't you...
DiabloHorn
or just email them before you do anything and offer it as a paid or free service.
Disguised
Generally "white-hat" hacking and exploiting isn't looked upon in a negative way, but it's always good to inform the person you'll be testing the injection on beforehand, as well as let them know if they are vulnerable to attack, and even how to go about finding a solution to the problem, if you're really nice ;)
White Scorpion
QUOTE (Disguised @ Jan 20 2008, 06:28 PM) *
Generally "white-hat" hacking and exploiting isn't looked upon in a negative way, but it's always good to inform the person you'll be testing the injection on beforehand, as well as let them know if they are vulnerable to attack, and even how to go about finding a solution to the problem, if you're really nice ;)

Hmmm... you might want to reconsider that thought. I've seen it quite too often that a "white hat hacker" had a nice push just because he was helping people out.
They don't know you and most of the time they don't like you snooping around.
Make sure you get approval before doing anything trying to bypass security mechanisms.
Alcatraz
QUOTE (White Scorpion @ Jan 23 2008, 11:15 AM) *
QUOTE (Disguised @ Jan 20 2008, 06:28 PM) *
Generally "white-hat" hacking and exploiting isn't looked upon in a negative way, but it's always good to inform the person you'll be testing the injection on beforehand, as well as let them know if they are vulnerable to attack, and even how to go about finding a solution to the problem, if you're really nice ;)

Hmmm... you might want to reconsider that thought. I've seen it quite too often that a "white hat hacker" had a nice push just because he was helping people out.
They don't know you and most of the time they don't like you snooping around.
Make sure you get approval before doing anything trying to bypass security mechanisms.



That’s why I was more looking for a way to download a site to my PC and run it locally. I'm in the middle of learning HTML (haven’t gotten that far) so hopefully soon I'll learn enough to run a site locally and hack it that way. As far as contacting the company and asking permission, I don't think there would be many companies willing to let a noob hacker just hack into their systems without wanting to know more about them and at least having them CERT certified or a degree in network security.


narcos
QUOTE (Alcatraz @ Jan 20 2008, 07:10 AM) *
Anyone know a way for me to test this legally (other than creating my own site)?
I'd appreciate any help

--
Alcatraz



Webgoat!

http://code.google.com/p/webgoat/

"WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson."
thecowman
Mildly off topic, but I agree with the ^
WebGoat's very good for practising web attacks of all kinds, although they don't have that many SQL practices.
hxxp://www.hellboundhackers.org has quite a few simulations you can practise with, although the syntax can sometimes be very sketch as they are only simulations.
hxxp://www.damnvulnerablelinux.org is a live Linux distro that is insecure and contains a few vulnerable website scripts and tutorials to play around with.
Neos69
Thank you very much, I'll take a closer look at this :)
Eduardo
Neos69, please stop posting in French. The forum language is meant to be English.

I didn't fully understand your post, but it sounded like a 'thnks, gonna try that' kind of post, which is AGAINST the rules here.