Fabiano Amorim in SQL Server Exposing a SQL injection vulnerability you’ve never heard of (what it is, how it works, and key takeaways) How a Unicode lookalike character bypassed REPLACE-based sanitization in a trusted SQL Server system procedure - and what it teaches... 19 June 2026 11 min read 31
Fabiano Amorim in SQL Server SQL Server security vulnerabilities you weren’t aware of: how tampered indexed-view metadata can break cross-database isolation Indexed view tampering in SQL Server backups can expose cross-database data after restore. Learn how restore-boundary attacks work and how... 18 May 2026 18 min read 2
Fabiano Amorim in SQL Server Cross-database ownership chaining in SQL Server: security risks, behavior, and privilege escalation explained Learn how cross-database ownership chaining works in SQL Server, how permissions are evaluated, and why it can introduce security risks... 13 April 2026 12 min read 2
Fabiano Amorim in SQL Server Exploiting SQL Server Date Correlation Optimization: How Tampered Backups Enable Cross‑Database Data Leaks This article reveals a critical SQL Server flaw: attackers can weaponize Date Correlation Optimization (DCO) views in restored backups to... 07 January 2026 19 min read 2
Fabiano Amorim in Security, Privacy & Compliance SQL Server Privilege Escalation via Replication Jobs Learn how attackers can exploit SQL Server replication cleanup jobs to escalate privileges from db_owner to sysadmin, and discover practical... 22 December 2025 5 min read 31
Fabiano Amorim in Security, Privacy & Compliance SQL Server security vulnerabilities you weren’t aware of: DBaaS system code decryption & user data exfiltration A SQL Server DBaaS privilege bypass exposed system tables and vendor-protected code on AWS, GCP, and Alibaba. This explains the... 05 November 2025 30 min read 43
Security, Privacy & Compliance Fabiano Amorim in Security, Privacy & Compliance SQL Server View-Based Security Flaw: How Error Messages Expose Hidden Data View-based row-level security in SQL Server leaks information through error messages - a user who can't see a row can... 19 October 2020 11 min read