Вот хорошая виртуальная система для практики http://devteev.blogspot.com/2009/10/advanced-sql-injection-lab-full-pack.html
http://rghost.ru/7XjgMcmLl This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack. SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about: Understanding SQL Injection - Understand what it is and how it works Find, confirm and automate SQL injection discovery Tips and tricks for finding SQL injection within code Create exploits for using SQL injection Design apps to avoid the dangers these attacks SQL injection on different databases SQL injection on different technologies SQL injection testing techniques Case Studies Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures.
Долго искал тему https://www.owasp.org/images/d/dc/AppsecEU09-Damele-A-G-Advanced-SQL-injection-slides.pdf
"Наклейки на кружки" от Rapid7 R7 SQL Injection Cheat Sheet и R7 Injection CheatSheet или тут http://www.rapid7.com/resources/free-tools.jsp
