Researchers at Black Hat have published a demonstration of how to harm an entire server instead of just the data in the database itself.
The attack vector uses SQL injection to trigger a buffer overflow, and from that point the attackers can do whatever they like.
The vulnerability exists on the following tested databases:
- MS-SQL Server

There is also another attack that opens a shell from the SQL injection.
The source of the story can be found here.