Fair enough. You are right to distinguish between attempted attacks and successful exploitation. To be honest I cannot be bothered to properly read those articles I posted and see if they were talking about attempts or successful attacks. :-)
Though having worked as a penetration tester I can say that, while rare, it was certainly not unheard of for a client's web application to be vulnerable to SQL injection. And this is for clients who are willing to spend several $1000s on a penetration test for their website - imagine what its like for people who don't give a second thought to the security of their site.
Though having worked as a penetration tester I can say that, while rare, it was certainly not unheard of for a client's web application to be vulnerable to SQL injection. And this is for clients who are willing to spend several $1000s on a penetration test for their website - imagine what its like for people who don't give a second thought to the security of their site.