WebApp Sec mailing list archives
RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures
From: "ALLAIN Yann" <Yann.Allain () accorservices com>
Date: Fri, 18 Nov 2005 12:07:40 +0100
Hi all,
Has anyone published a complete list/table of MSSQL (and other DB) stored procs/pls on the web, and what the default privs to them are?
You can use DumpSec SQL to have a list of such default privs.
http://www.sqlservercentral.com/columnists/cmiller/dumpsqlpermissions.asp
Nice tool to list all privs. Here are the features (copy-pasted from the web page):

"DumpSQLSec" which generates reports on:
Permissions for SQL Server Objects across multiple databases
DB Users across multiple database with optional role membership
DB Roles across multiple database with optional built-in roles and role members
DB Privileges across multiple database
Server Roles with optional server role Logins
Server Logins with optional server roles and database access

Yann

-----Original Message-----
From: Frederic Charpentier [mailto:fcharpen () xmcopartners com]
Sent: Thursday 17 November 2005 18:26
To: Evans, Arian
Cc: LAROUCHE Francois; Andres Molinetti; pen-test () securityfocus com; webappsec () securityfocus com; websecurity () webappsec org
Subject: Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures

Hi Evans,

I saw a good one at: http://www.securitymap.net/sdm/docs/windows/mssql-checklist.html
There's a list of stored procedures (not commented) like:

sp_sdidebug
xp_availablemedia
xp_cmdshell
xp_deletemail
xp_dirtree
xp_dropwebtask
xp_dsninfo
xp_enumdsn
xp_enumerrorlogs
xp_enumgroups
xp_enumqueuedtasks
xp_eventlog
xp_findnextmsg
xp_fixeddrives
xp_getfiledetails
xp_getnetname
xp_grantlogin
xp_logevent
xp_loginconfig
xp_logininfo
xp_makewebtask
xp_msver
xp_perfend
xp_perfmonitor
xp_perfsample
xp_perfstart
xp_readerrorlog
xp_readmail
xp_revokelogin
xp_runwebtask
xp_schedulersignal
xp_sendmail
xp_servicecontrol
xp_snmp_getstate
xp_snmp_raisetrap
xp_sprintf
xp_sqlinventory
xp_sqlregister
xp_sqltrace
xp_sscanf
xp_startmail
xp_stopmail
xp_subdirs
xp_unc_to_drive
Xp_regaddmultistring
Xp_regdeletekey
Xp_regdeletevalue
Xp_regenumvalues
Xp_regread
Xp_regremovemultistring
Xp_regwrite
Sp_OACreate
Sp_OADestroy
Sp_OAGetErrorInfo
Sp_OAGetProperty
Sp_OAMethod
Sp_OASetProperty
Sp_OAStop

Evans, Arian wrote:
Francois, nice explanation,

-----Original Message-----
From: LAROUCHE Francois [mailto:Francois.Larouche () accorservices com]
Sent: Thursday, November 17, 2005 8:59 AM
[...]
d) If you still can't, well, sorry... I think there is no other way except those already mentioned by the others (by the way, to execute xp_makewebtask you need to have high user privileges, something you are obviously not)

Has anyone published a complete list/table of MSSQL (and other DB) stored procs/pls on the web, and what the default privs to them are? I've made one but I'm not sure yet if I'm allowed to publish it. This would be a nice handy sql-injection reference table for people who are new to SQLi with stored procs, or just have a bad memory/aren't very smart [me].

-ae

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com/tests-intrusion.html
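An added example, not part of the original messages and not DumpSQLSec's own code: a catalog query that answers the question asked in the thread for one server, by listing who holds EXECUTE on procedures named in the list above. It assumes SQL Server 2008 or later (the `sys.*` catalog views and the `VALUES` row constructor), a connection with rights to view object metadata in master, and a watch list that is only a subset of the names in the thread.

```sql
-- Added example: audit EXECUTE permissions on procedures named in this thread.
-- Assumption: SQL Server 2008 or later, run by a login that can see metadata
-- for system objects in master (for example a sysadmin).
USE master;

WITH watched (proc_name) AS (
    -- Subset of the names from the thread; extend with the rest as needed.
    SELECT v.proc_name
    FROM (VALUES
        ('xp_cmdshell'), ('xp_dirtree'), ('xp_subdirs'), ('xp_fixeddrives'),
        ('xp_regread'), ('xp_regwrite'), ('xp_regdeletekey'),
        ('xp_makewebtask'), ('xp_sendmail'), ('xp_servicecontrol'),
        ('sp_OACreate'), ('sp_OAMethod'), ('sp_OAGetProperty')
    ) AS v (proc_name)
)
SELECT w.proc_name,
       -- Procedures removed from the server or product show as 'not present'.
       CASE WHEN o.object_id IS NULL THEN 'not present'
            ELSE o.type_desc END      AS object_type,
       pr.name                        AS grantee,      -- NULL: no explicit entry
       p.state_desc                   AS grant_state   -- GRANT, DENY, ...
FROM watched AS w
LEFT JOIN sys.all_objects AS o
       ON o.name COLLATE DATABASE_DEFAULT = w.proc_name COLLATE DATABASE_DEFAULT
LEFT JOIN sys.database_permissions AS p
       ON p.class = 1                     -- object-level permission
      AND p.major_id = o.object_id
      AND p.minor_id = 0                  -- whole object, not a column
      AND p.permission_name = 'EXECUTE'
LEFT JOIN sys.database_principals AS pr
       ON pr.principal_id = p.grantee_principal_id
ORDER BY w.proc_name, pr.name;
```

Rows where grantee is public and grant_state is GRANT are the ones to review first, since that permission is not limited to privileged logins.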