Web Site Hacking Made Easy

  • Apr. 16th, 2008 at 12:03 PM
Mechanical

You know, I really, really get annoyed at developers who don't even have a basic knowledge of security yet make their applications available to everyone. "Available to everyone" frequently means "web pages".

If you've ever heard of SQL injection, you know that any URL whose parameters are inserted directly into an SQL query is a security hole waiting to be exploited. So consider the basic structure of an SQL SELECT statement:

SELECT [something] FROM [table or tables] WHERE [some condition]

So any URL with that basic structure potentially has a massive security hole, allowing anyone to search the database and possibly cause plenty of damage. So how would you find those URLs? Enter Google Hacking. Google allows you to add an inurl: term to your query; whatever follows that term must appear in the URL. So what you're looking for is any URL which contains select, from and where (in the URL-encoded form of the search, %3A is the encoding for the colon ':' after inurl):

inurl:select inurl:from inurl:where

Now as it turns out, that returns a lot of questions about SQL queries in addition to URLs which execute queries. So to make it easier to find our target, let's look for anything which embeds 'cgi' in their URL:

inurl:cgi inurl:select inurl:from inurl:where

Bingo. Lots and lots of hackable Web sites. These people keep me employed.

Update: while playing around with this, I stumbled across the following URL (deliberately not made clickable):

http://140.127.211.214/cgi-bin/nlrdf_publ/update.pl?sql=UPDATE%20language%20set%20valid_from=**********%20where%20id=246
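As an added example (not part of the original post), here is the defender's side of the same pattern: a scan over web-server access logs that flags requests whose URL spells out select/from/where as parameters, or carries a whole SQL statement in one parameter (the sql=UPDATE ... shape above), so a site owner can find such endpoints in their own logs before a search engine indexes them. The log lines, hosts and paths are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (Common Log Format); hosts and paths are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Apr/2008:12:03:11 +0000] "GET /cgi-bin/report.pl?select=name&from=users&where=id%3D5 HTTP/1.1" 200 512
10.0.0.6 - - [16/Apr/2008:12:04:02 +0000] "GET /cgi-bin/update.pl?sql=UPDATE%20prefs%20set%20theme=dark%20where%20id=7 HTTP/1.1" 200 88
10.0.0.7 - - [16/Apr/2008:12:05:40 +0000] "GET /docs/faq.html?q=how+to+select+from+where HTTP/1.1" 200 2048
10.0.0.8 - - [16/Apr/2008:12:06:13 +0000] "GET /cgi-bin/search.pl?id=42 HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A parameter value that is itself a SQL statement (the "sql=UPDATE ... set ... where ..." shape).
SQL_STATEMENT_RE = re.compile(
    r"^\s*(select\b.*\bfrom\b|update\b.*\bset\b|delete\b.*\bfrom\b|insert\b.*\binto\b)",
    re.IGNORECASE | re.DOTALL)
# Parameter names that spell out the clauses of a SELECT (the inurl:select inurl:from inurl:where pattern).
CLAUSE_PARAMS = {"select", "from", "where"}

def classify_target(target):
    """Return a reason string if the request target carries raw SQL, else None."""
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)   # already percent-decoded
    names = {name.lower() for name, _ in params}
    if CLAUSE_PARAMS <= names:
        return "query-string parameters spell out select/from/where"
    for name, value in params:
        if SQL_STATEMENT_RE.match(unquote_plus(value)):
            return f"parameter {name!r} contains a SQL statement"
    return None   # a page *about* SQL (e.g. ?q=how+to+select+from+where) is not flagged

def scan_log(text):
    """Return (client_ip, path, reason) for each log line whose URL carries raw SQL."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reason = classify_target(m.group("target"))
        if reason:
            findings.append((line.split()[0], urlsplit(m.group("target")).path, reason))
    return findings

if __name__ == "__main__":
    for ip, path, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {path}: {reason}")
```

Any endpoint this flags is one where the fix is to stop accepting SQL clauses from the client at all and use a fixed, parameterised query instead.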

Inspired by the latest horror at the Daily WTF
