Next week I'll be speaking at AppSec 2009 in Washington DC about "One Click Ownage". This is a very practical way to get a reverse shell, reverse VNC or something like that. Basically after you find an SQL Injection in a MS SQL Server, you can carry out your own payload and run it in the target system by using one HTTP request. There are also other advantages of this such as the ability to exploit SQL Injections via CSRF attacks.
Finally I'll publish a small tool called WebRaider which allows you to automate the whole attack. All you need to do is type the URL and click the exploit button to get a reverse shell.
After the conference I'll be in New York for a while, if you are in that area and interested in Netsparker, do not hesitate to contact us so that we can arrange a demonstration in your office.