Database Crime Scene Prevention

Imperva's Amichai Shulman looks at database attack and defense.

3. Privilege Abuse

A large number of database attacks are carried out using this step. When an attacker makes an initial connection to the database server, they are granted a set of access privileges. Depending on the nature of these credentials, they may allow access to sensitive information or functionality. If the set of credentials was taken from a thick-client application, the perpetrator could bypass the access restrictions imposed by the application code without being subject to database access control mechanisms.

In actuality, many of those control mechanisms do not exist on the server. One example is the lack of any restriction on the number of records that can be retrieved by a single database query. Another is the lack of limits on the criteria that can be used for extracting records.

Typical attack scenarios involve the use of the tools within common Office software, e.g. Microsoft Excel. These tools can be used to retrieve large amounts of information from the database which can be stored locally on the workstation and then exported to a detachable medium.

Other crime scenes involve the use of native database client software to make unauthorized (or uncontrolled) changes to the information stored on the database.

Privilege abuse is hard to detect using traditional access control mechanisms because, in these cases, perpetrators employ legitimate commands under illegitimate circumstances. For instance, perpetrators with legitimate privileges avoid detection by committing the crimes outside of normal working hours, by using a different client machine, or by using illegitimate channels, i.e., client applications other than the sanctioned one.
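Because the statements themselves are legitimate, detection has to key on the circumstances the article lists: time of day, client host, client application and result size. The following added example (not from the article or Imperva's products) runs that logic over a few constructed audit-log lines; the log format and the baseline policy values are assumptions.

```python
import re
from datetime import datetime

# Constructed sample audit lines (not from the article): timestamp, db user,
# client host, client application, rows returned and the statement text.
SAMPLE_AUDIT_LOG = """\
2024-03-04T10:15:02 user=app_svc host=app01 app=OrderService rows=12 stmt=SELECT * FROM orders WHERE id=?
2024-03-04T23:41:10 user=app_svc host=ws-117 app=Excel rows=480000 stmt=SELECT * FROM customers
2024-03-05T09:02:33 user=app_svc host=app01 app=OrderService rows=1 stmt=SELECT * FROM customers WHERE id=?
2024-03-05T14:20:44 user=app_svc host=app01 app=sqlplus rows=0 stmt=UPDATE customers SET credit_limit=99999
"""

# Assumed baseline for the application's service account (hypothetical values).
POLICY = {
    "hours": (8, 19),             # working hours, local time, [start, end)
    "hosts": {"app01", "app02"},  # machines the application runs on
    "apps": {"OrderService"},     # the sanctioned client application
    "max_rows": 1000,             # rows one legitimate query should return
}

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) app=(?P<app>\S+) "
    r"rows=(?P<rows>\d+) stmt=(?P<stmt>.*)")

def parse_line(line):
    """Parse one audit line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["rows"] = int(ev["rows"])
    return ev

def flag_event(ev, policy=POLICY):
    """Return the reasons this event looks like privilege abuse (empty if clean)."""
    reasons = []
    start, end = policy["hours"]
    if not start <= ev["ts"].hour < end:
        reasons.append("outside working hours")
    if ev["host"] not in policy["hosts"]:
        reasons.append("unexpected client host")
    if ev["app"] not in policy["apps"]:
        reasons.append("unsanctioned client application")
    if ev["rows"] > policy["max_rows"]:
        reasons.append("bulk extraction")
    if ev["app"] not in policy["apps"] and not ev["stmt"].upper().startswith("SELECT"):
        reasons.append("data modification outside the application")
    return reasons

def scan(log_text, policy=POLICY):
    """Return (statement, reasons) for every suspicious line; clean lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and (reasons := flag_event(ev, policy)):
            findings.append((ev["stmt"], reasons))
    return findings
```

Each flag on its own is weak evidence; the Excel export above trips four of them at once, which is the kind of combination worth alerting on.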

4. Privilege Elevation

If a perpetrator cannot accomplish his crime by using the basic privileges granted upon initial contact, chances are he'll move toward obtaining administrative privileges. Privileges at this level in the database would allow the perpetrator to gain virtually unlimited access to any information stored within the database server, and worse, total control over the server itself.

There are a number of techniques that result in administrative privileges being granted to a non-privileged user. The most notorious (yet the toughest to exploit) is the buffer overflow attack. Server software does not always handle over-long user input safely. When used naively, a buffer overflow vulnerability can be exploited to quickly bring down a server. However, if the attacker carefully plans the exploit, he/she will be able to execute arbitrary code with administrative privileges. Buffer overflow vulnerabilities are found in built-in stored procedures, SQL statements, and even built-in functions. While the first two can be mitigated using internal access control mechanisms, the third type requires access control semantics that do not exist in the database server.
