xp_cmdshell is an extended SQL stored proc that allows users to run Windows command prompt commands from within SQL. Sound scary? It might, but is xp_cmdshell really a security risk? Well a lot of people think so, many DBAs and IT departments will insist that it's always disabled and many auditors and pen testers will... Continue Reading →