Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures

from [ALLAIN Yann] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures
Date: Fri, 18 Nov 2005 12:07:40 +0100 

Hi all,


Has anyone published a complete list/table of MSSQL (and other DB)
stored procs/pls on the web, and what the default privs to them are?


You can use DumpSec SQL to have a list of such default privs.
http://www.sqlservercentral.com/columnists/cmiller/dumpsqlpermissions.as
p

Nice tool to list all privs. Here are the features :(Copy past from the
web page)

"DumpSQLSec" which generates reports on:

Permissions for SQL Server Objects across multiple databases
DB Users across multiple database with optional role membership
DB Roles across multiple database with optional built-in roles and role
members
DB Privileges across multiple database
Server Roles with optional server role Logins
Server Logins with optional server roles and database access

Yann




-----Original Message-----
From: Frederic Charpentier [mailto:fcharpen@xmcopartners.com]
Sent: jeudi 17 novembre 2005 18:26
To: Evans, Arian
Cc: LAROUCHE Francois; Andres Molinetti; pen-test@securityfocus.com;
webappsec@securityfocus.com; websecurity@webappsec.org
Subject: Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures

hi evans,

I saw a good one at
:http://www.securitymap.net/sdm/docs/windows/mssql-checklist.html

there's a list of stored procedure (not commented) like :

sp_sdidebug
xp_availablemedia
xp_cmdshell
xp_deletemail
xp_dirtree
xp_dropwebtask
xp_dsninfo
xp_enumdsn
xp_enumerrorlogs
xp_enumgroups
xp_enumqueuedtasks
xp_eventlog
xp_findnextmsg
xp_fixeddrives
xp_getfiledetails
xp_getnetname
xp_grantlogin
xp_logevent
xp_loginconfig
xp_logininfo
xp_makewebtask
xp_msver        xp_perfend
xp_perfmonitor
xp_perfsample
xp_perfstart
xp_readerrorlog
xp_readmail
xp_revokelogin
xp_runwebtask
xp_schedulersignal
xp_sendmail
xp_servicecontrol
xp_snmp_getstate
xp_snmp_raisetrap
xp_sprintf
xp_sqlinventory
xp_sqlregister
xp_sqltrace
xp_sscanf
xp_startmail
xp_stopmail
xp_subdirs
xp_unc_to_drive
Xp_regaddmultistring
Xp_regdeletekey
Xp_regdeletevalue
Xp_regenumvalues
Xp_regread
Xp_regremovemultistring
Xp_regwrite
Sp_OACreate
Sp_OADestroy
Sp_OAGetErrorInfo
Sp_OAGetProperty
Sp_OAMethod
Sp_OASetProperty
Sp_OAStop


Evans, Arian wrote:

Fancois, nice explanation,


-----Original Message-----
From: LAROUCHE Francois [mailto:Francois.Larouche@accorservices.com]
Sent: Thursday, November 17, 2005 8:59 AM

[...]

d) If you still can't well sorry... I think there is no other
way except those already mentioned by the others (by the way
to execute xp_makewebtask you need to have high user
privileges something you are obviously not)


Has anyone published a complete list/table of MSSQL (and other DB)
stored procs/pls on the web, and what the default privs to them are?

I've made one but I'm not sure yet if I'm allowed to publish it.

This would be a nice handy sql-injection reference table for
people who are new to SQLi with stored procs, or just have a
bad memory/aren't very smart [me].

-ae





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/




--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com/tests-intrusion.html


______________________________________________________________________________________________________________________________
This email, the information contained within and any files transmitted with it 
(herein after referred as "the message")
are confidential. It is intended solely for the addressees and access to this 
message by any other person is not permitted.
If you are not the named addressee, please send it back immediately to the 
sender and delete it. Unauthorized disclosure,
publication, use, dissemination, forwarding, printing or copying of this 
message, either in whole or in part, is strictly
prohibited.
Emails are susceptible to alteration and their integrity cannot be guaranteed. 
Our company shall not be liable for this
message if modified or falsified.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Blind SQL Injection / Stored procedures, Victor Chapela
Next by Date:  RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois
Previous by Thread:  RE: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures, 김광진
Next by Thread:  IIS Security, Schmidt, Albert E
Indexes:  [Date] [Thread] [Top] [All Lists]