Extended Stored Procedures
The extended stored procedures, signified by the “xp_” prefix,
provide robust system administration from the comfort of SQL. We will cover countermeasures
at the end of this chapter, but we’ll hint that one countermeasure involves
removing these commands entirely. Table 9-4 lists some procedures that do not require a
parameter. Table 9-5 contains a list of useful procedures that require a parameter.
Depending on the injection vector, you may not always be able to execute SQL statements
that require a parameter.
These few commands cover just about any aspect of system-level access. Also, before
you’re tempted to use xp_regread to grab the SAM file, you should know that that technique
only works against systems that do not have Syskey enabled. Windows 2000
enables this by default.
Default Local Tables (the Useful Ones)
Also known as System Table Objects, these tables
contain information about the database and the operating system. Table 9-6 lists tables
that have the most useful information.
The easiest method to retrieve information from one of these tables is a SELECT *
statement. For example:
SELECT * FROM sysfiles
However, if you are familiar with databases, then you can pare the request to certain
fields—for example, to view all stored procedures:
SELECT name FROM sysobjects WHERE type = 'P'
Default Master Tables (the Useful Ones)
Table 9-7 lists selected tables from the Master
database. These tables provide detailed information on the operating system and
database configurations. A SELECT from one of these tables usually requires the
“master..” prefix:
SELECT * FROM master..sysdevices
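
From the defender's side, the “xp_” prefix and the system table names discussed above are useful detection strings in web server logs. The following is an added example, not part of the original text: it decodes the query-string values of each request line and reports references to extended stored procedures and to the system tables named above. The function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Names below are the ones mentioned in the text; extend both patterns for real use.
XP_CALL = re.compile(r"\bxp_\w+", re.I)
SYS_TABLE = re.compile(r"\b(sysfiles|sysobjects|sysdevices)\b", re.I)

def decode(value, max_rounds=3):
    """Undo layered URL encoding (%2520 -> %20 -> space) before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(line):
    """Return (parameter, finding) pairs for one 'METHOD target PROTOCOL' line."""
    parts = line.split(" ")
    if len(parts) != 3:
        return []  # malformed request line: nothing to parse
    findings = []
    # Split on '&' by hand so a ';' inside a value stays part of that value.
    for pair in urlsplit(parts[1]).query.split("&"):
        name, _, value = pair.partition("=")
        value = decode(value)
        for m in XP_CALL.finditer(value):
            findings.append((name, "extended procedure: " + m.group(0).lower()))
        for m in SYS_TABLE.finditer(value):
            findings.append((name, "system table: " + m.group(1).lower()))
    return findings

def flagged(log_lines):
    """Indexes of the request lines that produced at least one finding."""
    return [i for i, line in enumerate(log_lines) if scan_request(line)]

# Constructed sample request lines (not taken from any real log).
SAMPLE_LOG = [
    "GET /item.asp?id=7 HTTP/1.0",
    "GET /item.asp?id=7;EXEC%20master..xp_regread HTTP/1.0",
    "GET /item.asp?id=7;SELECT%2520name%2520FROM%2520SysObjects HTTP/1.0",
    "GET /list.asp?exp_date=2001&sort=name HTTP/1.0",
    "GET /q.asp?t=1;SELECT+*+FROM+master..sysdevices HTTP/1.0",
]

if __name__ == "__main__":
    for i in flagged(SAMPLE_LOG):
        print(SAMPLE_LOG[i], "->", scan_request(SAMPLE_LOG[i]))
```

Only query-string values are inspected here; POST bodies and cookies would have to be captured and passed through the same decoding step.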




