There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a one tool, will be to search out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those given above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox whereas the program automates the entire injection process.