How Stored Procedure Attacks Work
As you would hope from a security perspective, stored procedures are not always available for attackers to use right out of the box. For example, SQL Server may not have stored procedures available for you to utilize (an administrator may have removed them or they may be disabled by default), and it does require you to have appropriate permissions when accessing these procedures. Certain conditions, therefore, may need to exist before initiating an attack utilizing SQL's stored procedures.
Initiating Access
The first step in the attack methodology is to obtain access to accounts or applications with proper permissions to interact with the stored procedures. A common SQL Server account that is fruitful for ...
Get Seven Deadliest Microsoft Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
