securityvulns SECURITYVULNS:DOC:272
May 31, 2000 - 12:00 a.m.

Steal Passwords Using SQL Server EM

If you have access to a SQL Server database as a normal user, you can view the passwords of other users who
have created a DTS package.

Scenario:
a. Log into the SQL Server.
b. Expand 'Data Transformation Services'.
c. Click on 'Local Packages'.
d. Right-click on any package, and choose 'Design Package'.
e. Right-click on a connection object, and choose 'Properties'.
f. A dialog will come up with text boxes containing the username and password. The password will be masked
with asterisks. Run Revelation (http://www.snadboy.com), a program which will allow you to view the password.
g. You now have this user's username and password. You can access their database through Enterprise Manager or
Query Analyzer and, if their username and password are the same, their FTP account.

At this time, I do not have access to a SQL Server as admin, so I cannot tell you whether the admins of SQL
Server have left this open, or the user who created the DTS package is at fault. However, my current hosting
provider has 50+ databases, 15 of which have created a DTS package, making their databases
accessible by this method.