Blog Post

New Article: Exploiting SQL Server via CONTROL SERVER permissions

,

I have a new article up at MSSQLTips.com, covering what someone can do with CONTROL SERVER. Most folks know to look for changes in the sysadmin role, and knowing this, if I want to cover my tracks I don't want to give a login that membership. However, a lot of folks don't look for CONTROL SERVER permissions and this is a mistake. This article shows the exploit that someone with CONTROL SERVER (or being a member of the securityadmin role) can use to escalate privileges on the server.

Potential Security Exploit Using CONTROL SERVER permissions in SQL Server

 

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating