WebApp Sec mailing list archives

Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures


From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Thu, 17 Nov 2005 18:26:25 +0100

Hi Evans,

I saw a good one at: http://www.securitymap.net/sdm/docs/windows/mssql-checklist.html

There's a list of stored procedures (not commented) like:

sp_sdidebug
xp_availablemedia
xp_cmdshell
xp_deletemail
xp_dirtree
xp_dropwebtask
xp_dsninfo
xp_enumdsn
xp_enumerrorlogs
xp_enumgroups
xp_enumqueuedtasks
xp_eventlog
xp_findnextmsg
xp_fixeddrives
xp_getfiledetails
xp_getnetname
xp_grantlogin
xp_logevent
xp_loginconfig
xp_logininfo
xp_makewebtask
xp_msver
xp_perfend
xp_perfmonitor
xp_perfsample
xp_perfstart
xp_readerrorlog
xp_readmail
xp_revokelogin
xp_runwebtask
xp_schedulersignal
xp_sendmail
xp_servicecontrol
xp_snmp_getstate
xp_snmp_raisetrap
xp_sprintf
xp_sqlinventory
xp_sqlregister
xp_sqltrace
xp_sscanf
xp_startmail
xp_stopmail
xp_subdirs
xp_unc_to_drive
Xp_regaddmultistring
Xp_regdeletekey
Xp_regdeletevalue
Xp_regenumvalues
Xp_regread
Xp_regremovemultistring
Xp_regwrite
Sp_OACreate
Sp_OADestroy
Sp_OAGetErrorInfo
Sp_OAGetProperty
Sp_OAMethod
Sp_OASetProperty
Sp_OAStop


Evans, Arian wrote:
Francois, nice explanation,

-----Original Message-----
From: LAROUCHE Francois [mailto:Francois.Larouche () accorservices com]
Sent: Thursday, November 17, 2005 8:59 AM
[...]
d) If you still can't well sorry... I think there is no other way except those already mentioned by the others (by the way to execute xp_makewebtask you need to have high user privileges something you are obviously not)

Has anyone published a complete list/table of MSSQL (and other DB)
stored procs/pls on the web, and what the default privs to them are?

I've made one but I'm not sure yet if I'm allowed to publish it.

This would be a nice handy sql-injection reference table for
people who are new to SQLi with stored procs, or just have a
bad memory/aren't very smart [me].

-ae





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com/tests-intrusion.html
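
Added example, not part of the original thread: a T-SQL audit query that answers the "what are the privs on these procs" question for the procedures listed above on your own server, so risky grants to public can be reviewed and revoked. It assumes SQL Server 2005 or later catalog views (sys.all_objects, sys.database_permissions, sys.database_principals, sys.configurations), which the thread does not mention; names are lower-cased so the match also works under a case-sensitive collation.

```sql
-- Added example: assumes SQL Server 2005+ catalog views, run in master.
-- Procedures that do not exist in your version simply return no row.
USE master;

SELECT  o.name                                   AS procedure_name,
        o.type_desc                              AS object_type,
        COALESCE(pr.name, '(no explicit grant)') AS grantee,
        pe.permission_name,
        pe.state_desc                            AS grant_state,
        CASE WHEN pr.name = 'public' AND pe.state IN ('G', 'W')
             THEN 'REVIEW: granted to public'
             ELSE '' END                         AS finding
FROM    sys.all_objects AS o
LEFT JOIN sys.database_permissions AS pe
       ON pe.class = 1                 -- object-level permissions only
      AND pe.major_id = o.object_id
      AND pe.minor_id = 0              -- whole object, not a column
LEFT JOIN sys.database_principals AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE   LOWER(o.name) IN (
  'sp_sdidebug','xp_availablemedia','xp_cmdshell','xp_deletemail','xp_dirtree',
  'xp_dropwebtask','xp_dsninfo','xp_enumdsn','xp_enumerrorlogs','xp_enumgroups',
  'xp_enumqueuedtasks','xp_eventlog','xp_findnextmsg','xp_fixeddrives',
  'xp_getfiledetails','xp_getnetname','xp_grantlogin','xp_logevent',
  'xp_loginconfig','xp_logininfo','xp_makewebtask','xp_msver','xp_perfend',
  'xp_perfmonitor','xp_perfsample','xp_perfstart','xp_readerrorlog',
  'xp_readmail','xp_revokelogin','xp_runwebtask','xp_schedulersignal',
  'xp_sendmail','xp_servicecontrol','xp_snmp_getstate','xp_snmp_raisetrap',
  'xp_sprintf','xp_sqlinventory','xp_sqlregister','xp_sqltrace','xp_sscanf',
  'xp_startmail','xp_stopmail','xp_subdirs','xp_unc_to_drive',
  'xp_regaddmultistring','xp_regdeletekey','xp_regdeletevalue',
  'xp_regenumvalues','xp_regread','xp_regremovemultistring','xp_regwrite',
  'sp_oacreate','sp_oadestroy','sp_oageterrorinfo','sp_oagetproperty',
  'sp_oamethod','sp_oasetproperty','sp_oastop')
ORDER BY finding DESC, o.name, grantee;

-- Server-wide switches for two of the groups above (1 = enabled).
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name IN ('xp_cmdshell', 'Ole Automation Procedures');
```

Rows flagged REVIEW are candidates for REVOKE EXECUTE ... FROM public after checking that no application depends on them.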

