September 10, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Reply To Message:
Posted By n/a on 11/14/2005 2:48:00 AM
Subject: some question about one paper
Message: hey guys,
i have read one paper named Hunting_Flaws_in_SQL_Server(the link is http://www.appsecinc.com/presentations/Hunting_Flaws_in_SQL_Server.pdf.
),in the paper,the author said :"We can confirm that any use granted the db_owner role canbecome. sysadmin. Cool - isn’t it? Why does this works?Because we tricked SQL Server into believing that we were the. ‘sa’ login by changing the SID in the ..."but my test is fail.in one bbs,i find one guy's test is susseccful, and his mssql version is 7.000.but mine is mssql 2000.so i m dizy.i know how can i do it.
i hope ur answers.
thanx,guys,good luck.
UserName: 
Subject:  some question about one paper
Body:
  
Show Replies:


ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use