SQL injection attacks
Posted Mar 30, 2006 2:28 UTC (Thu) by jwb
Parent article: SQL injection attacks
Another great article. One of the many horrors of MS-SQL is the incredible amount of functionality
available to a SQL injection attacker. MS-SQL can be made to open a connection to any other
database, even on other hosts or networks. A SQL injection attack against MS-SQL can allow the
attacker to tell your database to connect to any random instance of SQL Server and replicate itself.
This obviously takes all the guesswork out of trying to reverse engineer the schema. An attacker
can rip off an entire MS-SQL instance with a single HTTP request.
to post comments)