The Art of Exploiting SQL Injections