[From Help Net Security
Most application developers underestimate the risk of SQL injection attacks against web applications that use Oracle as the back-end database.
This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable.
It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks.
The article continues at