Articles Blog | G5 Cyber Security

Research – creating_a_asp_command_shell_using_BACKUP.txt

This is a small text document that describes how MS SQL can be “tricked” into creating a command.asp script under the webroot, even when you do not have access to ‘sa’ privileges (dbo privileges are probably still a must, though). The technique described uses the SQL Server ‘backup’ command.

You can download it from the following link: https://packetstormsecurity.com/files/download/34697/creating_a_asp_command_shell_using_BACKUP.txt

Source: https://packetstormsecurity.com/files/34697/creating_a_asp_command_shell_using_BACKUP.txt.html
