http://www.sqlservercentral.com/blogs/brian_kelley/2012/02/27/new-article-exploiting-sql-server-via-control-server-permissions/

Printed 2014/10/01 07:31AM

New Article: Exploiting SQL Server via CONTROL SERVER permissions

2012/02/27

I have a new article up at MSSQLTips.com, covering what someone can do with CONTROL SERVER. Most folks know to look for changes in the sysadmin role, and knowing this, if I want to cover my tracks I don't want to give a login that membership. However, a lot of folks don't look for CONTROL SERVER permissions and this is a mistake. This article shows the exploit that someone with CONTROL SERVER (or being a member of the securityadmin role) can use to escalate privileges on the server.

Potential Security Exploit Using CONTROL SERVER permissions in SQL Server

 


Copyright © 2002-2014 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.