WebApp Sec mailing list archives

RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures

From: 김광진 <ezhack () ncsoft net>
Date: Fri, 18 Nov 2005 09:46:14 +0900


SQL Security Checklist
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=24


-----Original Message-----
From: Frederic Charpentier [mailto:fcharpen () xmcopartners com] 
Sent: Friday, November 18, 2005 2:26 AM
To: Evans, Arian
Cc: LAROUCHE Francois; Andres Molinetti; pen-test () securityfocus com; webappsec () securityfocus com; websecurity () 
webappsec org
Subject: Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures

hi evans,

I saw a good one at 
:http://www.securitymap.net/sdm/docs/windows/mssql-checklist.html

there's a list of stored procedure (not commented) like :

sp_sdidebug
xp_availablemedia
xp_cmdshell
xp_deletemail
xp_dirtree
xp_dropwebtask
xp_dsninfo
xp_enumdsn
xp_enumerrorlogs
xp_enumgroups
xp_enumqueuedtasks
xp_eventlog
xp_findnextmsg
xp_fixeddrives
xp_getfiledetails
xp_getnetname
xp_grantlogin
xp_logevent
xp_loginconfig
xp_logininfo
xp_makewebtask
xp_msver        xp_perfend
xp_perfmonitor
xp_perfsample
xp_perfstart
xp_readerrorlog
xp_readmail
xp_revokelogin
xp_runwebtask
xp_schedulersignal
xp_sendmail
xp_servicecontrol
xp_snmp_getstate
xp_snmp_raisetrap
xp_sprintf
xp_sqlinventory
xp_sqlregister
xp_sqltrace
xp_sscanf
xp_startmail
xp_stopmail
xp_subdirs
xp_unc_to_drive
Xp_regaddmultistring
Xp_regdeletekey
Xp_regdeletevalue
Xp_regenumvalues
Xp_regread
Xp_regremovemultistring
Xp_regwrite
Sp_OACreate
Sp_OADestroy
Sp_OAGetErrorInfo
Sp_OAGetProperty
Sp_OAMethod
Sp_OASetProperty
Sp_OAStop


Evans, Arian wrote:

Fancois, nice explanation,

-----Original Message-----
From: LAROUCHE Francois [mailto:Francois.Larouche () accorservices com] 
Sent: Thursday, November 17, 2005 8:59 AM

[...]

d) If you still can't well sorry... I think there is no other 
way except those already mentioned by the others (by the way 
to execute xp_makewebtask you need to have high user 
privileges something you are obviously not)


Has anyone published a complete list/table of MSSQL (and other DB)
stored procs/pls on the web, and what the default privs to them are?

I've made one but I'm not sure yet if I'm allowed to publish it.

This would be a nice handy sql-injection reference table for
people who are new to SQLi with stored procs, or just have a
bad memory/aren't very smart [me].

-ae





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


-- 
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com/tests-intrusion.html


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Current thread:

RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures 김광진 (Nov 17)
- <Possible follow-ups>
- RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures ALLAIN Yann (Nov 18)