"In a SANS course Johannes Ullrich mentioned that a pen tester had managed to hack a rebate system via sql injection, by writing the sql on the rebate forms that got OCRed."
I want to see this one. Think, "Resemux" I case you havent heard RFID chips can be SQL'ed as well, by writting custom RFID code. When the RFID dBase scans the chip, presto, custom SQL is returned to the query, ala, peanut butter sandwiches.