The only resource you’ll need to start is Google, learn to use it here.

All of the following can be found with the above technique, nothing here is unique. This is just a collection of some my regularly used resources and is not comprehensive.

Some of the places I look regularly for new research:

Specific Exploit Resouecs

SQL Injections

For a quick reference I use PentestMonkey and PortSwigger’s SQL injection cheat sheets, or the SQL generic guides from W3school.

During active exploitation of injections that require WAF bypasses or other evasive techniques, I go directly to the documentation of the type of databases being exploited (correcting for version number).

For exploitation I automate the process with Python to adjust for any unique circumstances.