Vlad Drumea tests out a pair of fixes:
In this post I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2025 CU20 GDR KB5063814.
This August’s Patch Tuesday came with a security patch for SQL Server 2022, 2019, 2017, and 2016.
The number of SQL injection vulnerabilities caught my attention and I decided to see what system stored procedures have changed to see if I can find anything useful.
Vlad looks at a pair of spatial stored procedures and puts together a method to exploit the old versions.