Okay, so I like to read a lot. Like... a lot. So I was reading "Advanced SQL Injection In SQL Server Applications" about a week after I read "Google Hacks". The little lightbulb went off. Could it really be that easy? Could it?
In less time than it took to write this post, Google (inurl:select inurl:where inurl:from) gave me 460 pages of results. About 20% or so look vulnerable to injection attack. A slightly modified query gives 496 matches for unprotected, non-passworded, wide open hey-look-it-is-Christmas phpMyAdmin sites.
I had to get that out of my system. I'm better now.