Slides presented by Alberto Revelli at OwaspDay II in Rome, 31/03/2008. They describe some SQL injection tricks that can be used to gain full access to the DB server’s operating system. The examples focus mainly on MS SQL Server, but the concepts are valid for other DBMSs as well.