I've added SQL injection labs to my XSS labs site, which are useful both for beginners and testers looking to improve.

There are novice labs that cover the basics of injection and data extraction.

There are apprentice labs that introduce more advanced techniques including tricky queries, exfiltration and WAF evasion.

And there are expert labs that cover boolean and timing exfiltration, and privilege escalation.

I'm really interested in people's feedback on how they get on - and ideas for additional labs. I'll be adding video solutions at some point.