www.Tutorialsforu.info

Free Tutorials Cave

  • Increase font size
  • Default font size
  • Decrease font size
Your Ad Here



Attacking Web Datastore - Page 4

Saturday, 24 November 2007 10:25
E-mail Print
Article Index
Attacking Web Datastore
Page 2
Page 3
Page 4
Page 5
Page 6
Page 7
Page 8
All Pages
Page 4 of 8

MS SQL Server Techniques

Microsoft SQL Server has four default databases plus one sample:


t Master Manages data for all login accounts, configuration settings, other
databases, and initialization information. Many internal variables, stored
procedures, and extended stored procedures are called from this database.
n Model Provides a template for new databases.

n Msdb Supports SQL Server Agent for job scheduling.
n Tempdb Used as temporary storage for all jobs.
s Pubs Sample database that should be deleted.


We will definitely make queries of or access the Master database. More importantly,
we need to know some techniques to determine the database configuration, the Web
application’s database and tables, and the Windows environment around the database.
This is accomplished by accessing internal variables, stored procedures, and tables.
Default Internal Variables Microsoft SQL Server has several built-in variables that return
useful information about the server. These variables will be available even if the administrators
lock down access to the extended stored procedures (xp_* commands). They
also have the advantage of consisting of a single word. They don’t even require the
database name prepended, as in master..xp_cmdshell. Table 9-2 lists the default SQL
Server variables.


The procedures in boldface type return the most useful information. They also only
return a single datum—this comes in handy in some circumstances, such as manipulating
ODBC error codes that operate on a single variable.
Each of the procedures can also be called with a select statement in the format: SELECT @@variable.
The Name of the Rows SQL Server contains a small number of stored procedures that
users can call without explicit casting to the master.. database. Consequently, these are

 

Image

 

short, to-the-point procedures that return useful information. Table 9-3 contains a list of
the stored procedures commonly used to enumerate users, table, and custom stored
procedures.
The biggest advantage of these stored procedures is that they can be called without
reference to the Master database.

 

Image

 


 

Subscribe By Email

Enter your email address:

Delivered by FeedBurner

Translate

Donate

Development & maintainance needs time & money.
With your donation you can help us to keep this project alive
Donate:
  Monthly Monthly
Currency
Amount