SQL injection? No, Cursor injection

Just came across a paper called "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences" of David Litchfield.

It shows once more that writing proper code is important, as is getting your database to the right patch level.

--
Off topic: Carl Backstrom blogged about a music clip called "Code Monkey" here. You should see it, it's fantastic!
--