Lightning talk I gave at SEC-T spring pub 2016, talking about how to use the "ON DUPLICATE KEY UPDATE" syntax to not only extract but also modify/add information in the database. The example I brought up was a site that had an SQL Injection in the register page, which could be used to change the admin password without having to crack it.