Hey all, Iâ??ve just written a paper that revisits lateral SQL injection but looks at how an attacker can exploit NUMBER concatenations to execute arbitrary SQL in PL/SQL applications. Itâ??s not earth shattering research but worthwhile noting if youâ??re involved in PL/SQL development. http://www.accuvant.com/capability/accuvant-labs/security-research/lateral-sql-injection-revisited-exploiting-numbers Cheers, David Litchfield https://twitter.com/dlitchfield -- //www.freelists.org/webpage/oracle-l