sqlmap (http://sqlmap.org/) is a great tool for exploiting SQL injections. Everyone who has exploited an SQL injection in the old-school style will know how complex and how slow this can be. You need to know about not just SQL, but also all the different syntaxes between all the DBMSs, the different tricks to extract information, DBMS configuration, and so on. Well, sqlmap automatizes the exploitation, but it can also detect vulnerabilities in the application.

At the same time, I recommend the use of CO2, a Burp Suite extension that helps you to launch sqlmap using an HTTP request from Burp Suite, using sessions, cookies, and more. It's a great collection of tools.

In the following screenshot, we can see how CO2 shows a form with all the options needed to launch sqlmap, without the need to use the command-line tool: