This paper presents some unexpected consequences of running database servers on Windows XP with Simple File Sharing enabled. In the real world, this kind of setup would typically be a developer’s system and as it turns out, in some cases depending on the database software, you might not just be sharing your files but exposing both database services and data. In one case an attacker can easily gain DBA access to the database if Simple File Sharing is enabled. We’ll examine the commercial databases, namely, Oracle, SQL Server, DB2, Sybase and Informix and see which are exposed, to what level and why.
Author: David Litchfield