Finally made it
For everyone having problems like me (i hope it's not too spoilery) here some hints:
First of all you have to find a Spot, where to perform SQL-Injection. As others said before me: Learn about how SQL works, look for a query which uses GET-method and try inserting your own queries. A broken image means that you managed to manipulate the database but your query produced an error.
As you got access to a table of the database you need to "union" the information you need (Mailing list) with the table you have access to. Therefore you need two things: The name of the mailing list table and the number of columns in the table you have access to. To get the name, look carefully at occuring error messages - you can get useful information there (maybe more than just one name?).
Now use the Order-By trick to count columns. That's where i've been stuck for hours cause i really thought i'd need the column names and desperately tried to get them. So if you're stuck here, too, try this one: http://thehotfix.net/forums/index.php?/topic/25665-sql-injection-tutorial/
After this you should have any information needed to perform your sql-attack. Think carefully about the sql-commands which you're going to use. If you see a long list of broken images you're on the right track (even if there's nothing in the sourcecode). Make sure you are using the UNION ALL command and have the right number of nulls filled in. If you still don't manage to get the information from the mailing list, think carefully about what you need to extract the emails from the mailing list. Only the table name or maybe something else? How about the name of the column the adresses are stored in? Try to find it, use it and you should be able to union the adresses with the product list. And in the end you'll find the answer lies in the source
of all evil
Hope those hints are vague enough
If it's still too spoilery please just edit and take my apology