Thursday, April 14 at 11:00AM PDT/2:00PM EST
Understanding Database Threats: SQL Injection for Oracle
SQL injection is one of the attack vectors widely used by hackers today. The biggest breach of credit card data to date, at Heartland Payment Systems, was initiated using this attack. Although SQL injection is well understood, it still features in the OWASP Top Ten list of attack problems, and many web sites and applications are still vulnerable. In this presentation, Slavik Markovich, CTO, Sentrigo, will show how hackers use advanced techniques to exploit SQL injection vulnerabilities and steal information from the compromised application and other databases on the network. Reconnaissance techniques, error manipulation, blind SQL injection, worms and back-doors will be explained and demonstrated against live Oracle servers and a demo web application. It is crucial for information security professionals and DBAs to understand these techniques in order to thwart them.