How to List Sysadmins in Microsoft SQL Server


Sometimes I need to know who has system administrator privileges in Microsoft SQL Server. Here’s a SQL snippet to list the sysadmins.

Listing Sysadmins in MSSQL

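-- Windows users and groups (isntuser / isntgroup) that hold the sysadmin role.
-- SQL Server logins such as sa are not returned by this filter.
SELECT [name] FROM sys.syslogins
WHERE sysadmin=1 AND (isntuser=1 OR isntgroup=1);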

Output

You should see something similar to this in response (depending on your version of Windows, SQL Server, and any changes you have made):

[name]
NT AUTHORITY\SYSTEM
NT SERVICE\MSSQL$SQLEXPRESS
NT AUTHORITY\NETWORK SERVICE
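
An added example, not part of the original post: the same audit written against the sys.server_principals and sys.server_role_members catalog views, so that it also returns SQL Server logins and follows membership granted through nested user-defined server roles. The column aliases and the granted_via path column are choices made for this example.

```sql
-- Added example: every login that ends up with sysadmin, directly or
-- through a user-defined server role that is itself a member of sysadmin.
WITH role_tree AS (
    -- Anchor: direct members of the sysadmin fixed server role
    SELECT rm.member_principal_id,
           CAST(r.name AS nvarchar(4000)) AS granted_via
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals   AS r
         ON r.principal_id = rm.role_principal_id
    WHERE r.name = N'sysadmin'

    UNION ALL

    -- Recursion: when a member is itself a server role (type 'R'),
    -- descend into that role's members and record the path taken
    SELECT rm.member_principal_id,
           CAST(rt.granted_via + N' <- ' + r.name AS nvarchar(4000))
    FROM role_tree AS rt
    JOIN sys.server_principals   AS r
         ON r.principal_id = rt.member_principal_id
        AND r.type = 'R'
    JOIN sys.server_role_members AS rm
         ON rm.role_principal_id = r.principal_id
)
SELECT p.name        AS login_name,
       p.type_desc   AS login_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP, ...
       p.is_disabled,                 -- 1 = login exists but cannot connect
       p.create_date,
       p.modify_date,
       rt.granted_via                 -- role chain that grants sysadmin
FROM role_tree AS rt
JOIN sys.server_principals AS p
     ON p.principal_id = rt.member_principal_id
WHERE p.type <> 'R'                   -- report logins, not the intermediate roles
ORDER BY p.type_desc, p.name;
```

A WINDOWS_GROUP row means every member of that group is a sysadmin; the group's members are not expanded by this query.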

Have fun!

TeliportMe 360 Exploits (How to Edit Any Photo, Use XSS, and Compromise the Homepage)

IMPORTANT: DANGER! DANGER! DANGER! Proceed with reading this article and/or partaking in any action on TeliportMe’s 360 website or mobile application with extreme caution and at your own risk. I highly recommend that you DO NOT visit TeliportMe’s 360 website or PhotoTour.in directly. By the time you read this someone else may have already used this information to exploit the site and/or its visitors. YOU HAVE BEEN WARNED!

About a week ago, TechCrunch discussed a panorama application for Android. The application is called 360 and it was created by Vineet Devaiah’s company TeliportMe. It’s received praise from some other reputable sources as well and has even managed to attract about 30,000 users; but, as will become more apparent over time, I love to dig into the security of these sorts of apps. Unfortunately for TeliportMe, their web security is not up to snuff.


OneSheet Exploits (How to Edit Any Band’s OneSheet and/or Use XSS)

IMPORTANT: DANGER! DANGER! DANGER! Proceed with reading this article and/or partaking in any action on OneSheet with extreme caution. I highly recommend that you DO NOT visit OneSheet.com directly. By the time you read this someone else may have already used this information to create a OneSheet JavaScript worm. YOU HAVE BEEN WARNED!

So, remember that OneSheet site all the bloggers have been talking about (it’s basically a site for Bands to aggregate all their social media into one page and then add a background or bio for a little extra flavor)? Since those articles were written they’ve amassed over 1000 followers on Twitter. Well, I tried it out and the security is completely piss poor. Any respectable band that does not want their reputation tarnished should absolutely stay away from this site until they fix the glaring security holes. Continue reading to see why this site’s security is ridiculous.
