In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.
The post Hacking SQL Server Stored Procedures – Part 1: (un)Trustworthy Databases appeared first on NetSPI Blog.