Assessment metrics of SQL Injection Vulnerabilities?
Here is the paper that covers a lot of modern techniques abut SQL Injection vulnerabilities.
The most common techniques are:
- tracking the clicks
- implementing a back door and checking who's downloading the "bad" software
- check the client side vulnerability