Most of the leaked online passwords are done through this kind of attack. If you encounter this vulnerability during your pentests then it means you just hit the jackpot. The idea here is to be able to execute the famous query:
select * from users
Assuming that the database has a users table, this query will extract all the user's records from the database. It's like Christmas day; you're going to have all the usernames and passwords in a wrapped gift.