I like fiction; here is an attempt at writing some. It is not totally original: I heard a similar story from a friend who tests the security of networks.
He was presented with a login page that required a username and password. He entered some text with special characters, etc. The query ran, generating a database exception. The exception was not caught, and it appeared on the error page. He understood which database was used. Perhaps the query was:
He got the syntax spec and looked at a few queries, then tried writing a query or two. He read about the WHERE clause. He started trying different strings as inputs. In the meantime, he learnt about the different exceptions that the DBMS could generate.
Then he entered the magic word in the password field: (X)* OR TRUE. The query ran again, not spitting out an exception this time. He had broken into the system.
Let me know what you think.
Thanks!
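The login flaw the story turns on, as an added example that is not part of the original post: a login check that pastes input into the SQL text and lets database errors escape, beside a parameterized version that returns only a generic failure. The SQLite database, the table and column names, the `alice` account and the exact input strings are all assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database with one account (not from the story)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plain-text password only to keep the demo short; store salted hashes in practice.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, name, password):
    # Input is pasted into the SQL text, so it can rewrite the WHERE clause,
    # and database errors propagate to the caller (the leaky error page).
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_hardened(conn, name, password):
    # Placeholders keep input as data, never as SQL syntax.
    try:
        row = conn.execute(
            "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
            (name, password)).fetchone()
        return row[0] > 0
    except sqlite3.Error:
        return False  # generic failure: no DBMS details reach the user

def leaks_db_error(login, conn, name, password):
    """True if a database exception escapes the login function."""
    try:
        login(conn, name, password)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    conn = make_db()
    story_input = "x' OR TRUE --"  # constructed form of the story's "(X)* OR TRUE"
    for login in (login_vulnerable, login_hardened):
        print(login.__name__,
              "| special characters leak an error:",
              leaks_db_error(login, conn, "alice", "it's"),
              "| tautology logs in:", login(conn, "alice", story_input))
```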