| Author |
Messages |
|
Kuji
 |
| 11/14/2005 2:48 AM |
 Quote
 Reply
 Alert
|
| hey guys,
i have read one paper named Hunting_Flaws_in_SQL_Server(the link is http://www.appsecinc.com/presentations/Hunting_Flaws_in_SQL_Server.pdf.
),in the paper,the author said :"We can confirm that any use granted the db_owner role canbecome. sysadmin. Cool - isn’t it? Why does this works?Because we tricked SQL Server into believing that we were the. ‘sa’ login by changing the SID in the ..."but my test is fail.in one bbs,i find one guy's test is susseccful, and his mssql version is 7.000.but mine is mssql 2000.so i m dizy.i know how can i do it.
i hope ur answers.
thanx,guys,good luck.
|
|
|
|
|
mulhall
|
| 11/17/2005 1:15 AM |
Quote
Reply
Alert
|
| The sp_msdropretry vulnerability was fixed in SQL 2000 SP3. |
|
|
|
|
Kuji
|
| 11/17/2005 9:31 PM |
Quote
Reply
Alert
|
| thanx mulhall ,where can i found the detail information of this vulnerability. my email/msn is evilkuji@hotmail.com.thanx |
|
|
|
|
mulhall
|
| 11/18/2005 1:53 AM |
Quote
Reply
Alert
|
| No, and may I suggest to you that there is nothing more that you need to know. |
|
|
|
|
Marcelo (guest)
|
| 12/09/2009 10:12 AM |
Quote
Reply
Alert
|
Is later to post a reply, but the answer "No, and may I suggest to you that there is nothing more that you need to know." isn't a real answer are typicaly words of Microsoft !!!!!
Sorry, but the people want to know !!!!!
Sorry for my English... I never like but is a necessary bad...
Regards. |
|
|
|
|
|