How simple is SQL injection for stupid people
And how stupid are webmasters to underestimate the power of SQL injection and not patch, upgrade or just throw out the stuff they didn't need anyway.
Take an SQL injection exploit
Look for the Google dork (search term)
Look for the search term for its own search engine
Do the Google
Type in the search term
Click for results
See the passwords of sites flipping up before your eyes
Be amazed, be afraid, be very afraid
It really does not take more than that. I am not going to publish here the names of the exploits, Google dorks and sites with which it works, but it works, and webmasters should really test their sites thoroughly and upgrade and patch them all the time.
And in fact this goes for many exploits, so have an inventory of all - all - your OS, applications and software that is not inside your network behind your firewalls, and patch fast. If you are serious about your ebusiness, place an HIDS, set it behind a reverse proxy and application firewall, and if you have some more money, subscribe to some 0day information service or defense.