WebApp Sec mailing list archives
Re: HacMeBank - help lesson 1c
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 15 Sep 2004 12:18:23 -0500
On Mon, 2004-09-13 at 21:12, Marc Davison wrote:
> EXEC MASTER..XPCMDSHELL DIR-- command It just comes back with an error saying permission denied and owner is dbo. I set this up on a clean machine and want to allow people to run this command to show the dangers of misconfigured servers but am not sure where I went wrong in set up. I thought that I had followed the guide.

Perhaps you used a recent version of a database that has better security settings out-of-the-box? I haven't investigated further, but it appears that recent MS SQL servers have by default public execute permissions removed from xp_cmdshell and sp_cmd. So check and make sure that "public" has execute rights on those stored procedures you want to exploit.

Question to the list: Is it true that the default stored procedure permissions in MS SQL have improved (as in, removed "public" from the access list)? I don't have a copy handy to check a fresh install. Perhaps one of the "dedicated" web pen testers could shed some light on this.

Thanks,
Frank
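
The permission check suggested in the reply above, written as a read-only audit an administrator can run. This is an added example and not part of the original thread. It assumes SQL Server 2005 or later, where the `sys.configurations` and `sys.database_permissions` catalog views exist, and notes the SQL Server 2000 equivalent in a comment.

```sql
-- Added example: read-only audit of xp_cmdshell exposure. Run in master.
-- Assumes SQL Server 2005 or later (catalog views); see the note for SQL Server 2000.
USE master;

-- 1. Is xp_cmdshell enabled at the instance level?
SELECT name,
       CAST(value AS int)        AS configured,
       CAST(value_in_use AS int) AS in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Every explicit permission recorded on the procedure.
SELECT USER_NAME(grantee_principal_id) AS grantee,
       permission_name,
       state_desc                      -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
FROM sys.database_permissions
WHERE class = 1                        -- object or column
  AND OBJECT_NAME(major_id) = 'xp_cmdshell';

-- 3. One-line verdict for the case discussed in the thread: EXECUTE held by public.
SELECT CASE WHEN EXISTS (
           SELECT 1
           FROM sys.database_permissions
           WHERE class = 1
             AND OBJECT_NAME(major_id) = 'xp_cmdshell'
             AND type = 'EX'
             AND state IN ('G', 'W')   -- granted, or granted with grant option
             AND USER_NAME(grantee_principal_id) = 'public')
       THEN 'FINDING: public holds EXECUTE on xp_cmdshell'
       ELSE 'OK: public has no EXECUTE grant on xp_cmdshell'
       END AS result;

-- SQL Server 2000 has no catalog views; the equivalent listing is:
--   EXEC sp_helprotect 'xp_cmdshell';

-- Remediation outside a deliberately vulnerable lab:
--   REVOKE EXECUTE ON xp_cmdshell FROM public;
```

Members of the sysadmin role bypass permission checks, so they never appear in the second result set even though they can run the procedure.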