In case you missed it, version 1.2 of SQL Power Injector was released late last week. SQL Power Injector is a graphical application built on the .NET framework. As its name suggests, it helps the penetration tester inject SQL commands into a Web page.
It supports SQL Server, Oracle, MySQL, Sybase, and DB2, though it can be used with any DBMS through inline injection (Normal mode), in which the SQL command is placed directly in the parameter sent to the server.
Excerpt from SQL Power Injector’s Introduction:
The main effort done on this application was to make it as painless as possible to find and exploit a SQL injection vulnerability without using any browser. That is why you will notice that there is an integrated browser that will display the results of the injection parameterized in a way that any related standard SQL error will be displayed without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the response of the server to make it as talkative to you as possible.
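Both points above, the "Normal mode" situation where the SQL command arrives inside a request parameter and the tool's reliance on the server being "talkative" with database errors, come down to two server-side defects: building the query by string concatenation and echoing the driver's error text back to the client. The following is an added example, not code from the post or from SQL Power Injector, that shows the concatenated handler beside its parameterized form and a small check a defender can run over response bodies to spot leaked DBMS errors. It uses an in-memory SQLite database with constructed sample rows; the function names, the error-signature list, and the sample input `O'Brien` are assumptions made for this example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database with a tiny users table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def vulnerable_lookup(conn, name):
    """Concatenates the raw parameter into the statement, so whatever arrives in the
    request parameter is parsed as SQL. Even an honest value such as O'Brien breaks
    the query, and the handler echoes the driver's error text back verbatim,
    which is exactly the chatty behaviour an injection tool looks for."""
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    try:
        return {"ok": True, "rows": conn.execute(query).fetchall()}
    except sqlite3.Error as exc:
        return {"ok": False, "body": "Database error: " + str(exc)}


def hardened_lookup(conn, name):
    """Binds the parameter, so the value can only ever be compared as data, and
    returns a generic message instead of the driver's error text."""
    try:
        rows = conn.execute(
            "SELECT id, name FROM users WHERE name = ?", (name,)
        ).fetchall()
        return {"ok": True, "rows": rows}
    except sqlite3.Error:
        return {"ok": False, "body": "Request could not be processed."}


# Signatures of DBMS error text that should never reach a client. This list is an
# assumption assembled for the example; extend it with your own stack's messages.
ERROR_SIGNATURES = [
    r"syntax error",                           # SQLite, PostgreSQL, generic
    r"unrecognized token",                     # SQLite tokenizer
    r"unclosed quotation mark",                # SQL Server
    r"you have an error in your sql syntax",   # MySQL
    r"ora-\d{5}",                              # Oracle
    r"sqlstate",                               # many drivers
]
ERROR_RE = re.compile("|".join(ERROR_SIGNATURES), re.IGNORECASE)


def leaks_db_error(body):
    """True when a response body carries a database error signature; run this over
    captured responses (or a proxy/WAF log) to find endpoints that are 'talkative'."""
    return bool(ERROR_RE.search(body))


if __name__ == "__main__":
    db = make_db()
    for handler in (vulnerable_lookup, hardened_lookup):
        result = handler(db, "O'Brien")
        body = result.get("body", "")
        print(handler.__name__, result, "leaks error:", leaks_db_error(body))
```

Running the block shows the concatenated handler failing on `O'Brien` and returning a body that `leaks_db_error` flags, while the parameterized handler simply finds no matching row. The same `leaks_db_error` check is a cheap regression test to keep in a Web application's test suite: any response that trips it is a place where error handling needs to be tightened before a tool like the one above can make use of it.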