Steve Friedl recently released a whitepaper, "SQL Injection Attacks by Example," which discusses the steps he took during a recent security audit to penetrate a customer's system. The paper describes how he discovered what services and technologies were used, how he discovered table names and table field names, and how he coaxed the system into changing an email address in a table to recover a valid login account name and password.
The paper also discusses some ways to mitigate such attacks. Before you rely on those suggestions as definitive defensive measures, though, read the related message thread on the Bugtraq mailing list to see what other people had to say about Friedl's mitigation advice.
As we reported yesterday in the story "Microsoft WINS and SQL Server Targeted," brute-force password-cracking attempts have recently been detected against Microsoft SQL Server. Such cracking attempts are one way to find SQL Server login passwords; injection attacks are another, and they can be launched by anyone from anywhere in the world if your database servers are exposed to the Internet as backends for Web-based applications. So consider auditing the security of your SQL-based applications and the overall network exposure of the related systems to make sure you have your bases covered adequately.