xp_cmdshell with low permission

[Frederic Charpentier <fcharpen () xmcopartners com>]

Hello all,

I'm conducting a pentest on a IIS/Coldfusion/MSSQL server.
I've found a sql injection flaw, but the server does not allow me to run 
"xp_cmdshell" commands.

I use the following trick : exec master.dbo.xp_cmdshell "dir"; --

The server response :
EXECUTE permission denied on object 'xp_cmdshell', database 'master', 
owner 'dbo'.

I understand the coldfusion script use a low privileged user. So, two 
questions :

- Is there another way to use xp_cmdshell ?
- Is it possible to change the current user ? (like 
http://../script?param=1';user(sa,"sa");exec master.dbo.xp_cmdshell 
"dir"; --

Thanks in advance for ideas.

FRED

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------