There are some excellent papers on SQL injection for MS SQL Server, but I can't seem to find much information on exploiting MS Access as a web site backend database.

I suppose Access is also inherently less exploitable as it is less powerful. Not being able to add comments to SQL or have multiple SQL statements in Access restricts injection capabilities.

Having said that, does anyone know of any resources for this?