Please go to http://sqlmap.org. Watch the video. And weep. If you have a really simple SQL exception like this, you can craft queries that will dump the entire database, including its schema and users, byte-by-byte with an automated script.
SQL Injections are the basis of escalating further and possibly even hacking into the whole underlying system.
I know for a fact that I can dump any of these databases within hours. I do not know what's in them, but I'm guessing it's not information that any of these 100.000 business owners will want to disclose of their clients.
I also know it's illegal, but then again, will that bother any 13-year-old kid that feels himself a 1337 h4xx0r? Any Russian delegation? I think not.