[转载]Manipulating Microsoft SQL Server Using SQL Injection

原始出处：http://www.appsecinc.com/present ... g_SQL_Injection.pdf

This paper will not cover basic SQL syntax or SQL Injection. It is assumed that the reader has a strong understanding of these topics already. This paper will focus on advanced techniques that can be used in an attack on a (web) application utilizing Microsoft SQL Server as a backend. These techniques demonstrate how an attacker could use a SQL Injection vulnerability to retrieve the database content from behind a firewall and penetrate the internal network.