Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences David Litchfield [davidl@ngssoftware.com] 24th February 2007 An NGSSoftware Insight Security Research (NISR) Publication ©2007 Next Generation Security Software Ltd http://www.ngssoftware.com Introduction On occasion Oracle in their alerts state that the ability to create a procedure or a function is required f