MSSQL ships with several dangerous extended stored procedures, and by default the public role has execute permission on them. A SQL injection attacker can use them to read file directories and user groups, write dangerous scripts to the server (by first writing the content into the database and then exporting it to a file) in order to escalate privileges further, or execute commands directly through certain stored procedures such as xp_cmdshell. These stored procedures are:
sp_makewebtask
xp_cmdshell
xp_dirtree
xp_fileexist
xp_terminate_process
sp_oamethod
sp_oacreate
xp_regaddmultistring
xp_regdeletekey
xp_regdeletevalue
xp_regenumkeys
xp_regenumvalues
sp_add_job
sp_addtask
xp_regread
xp_regwrite
xp_readwebtask
xp_makewebtask
xp_regremovemultistring
Countermeasures: drop the stored procedures above (or the executables/DLLs that implement them), or change which user groups may execute them. The script to drop the stored procedures above is:
-- Run as sysadmin in the master database.
-- On SQL Server 2005 and later the supported alternative to dropping is
-- sp_configure ('xp_cmdshell' and 'Ole Automation Procedures' set to 0)
-- plus revoking EXECUTE from public on the remaining procedures.
drop procedure sp_makewebtask
exec master..sp_dropextendedproc xp_cmdshell
exec master..sp_dropextendedproc xp_dirtree
exec master..sp_dropextendedproc xp_fileexist
exec master..sp_dropextendedproc xp_terminate_process
-- sp_OAMethod / sp_OACreate are extended procedures (odsole70.dll), so this applies
exec master..sp_dropextendedproc sp_oamethod
exec master..sp_dropextendedproc sp_oacreate
exec master..sp_dropextendedproc xp_regaddmultistring
exec master..sp_dropextendedproc xp_regdeletekey
exec master..sp_dropextendedproc xp_regdeletevalue
exec master..sp_dropextendedproc xp_regenumkeys
exec master..sp_dropextendedproc xp_regenumvalues
-- sp_add_job and sp_addtask are ordinary T-SQL procedures in msdb, not extended
-- procedures, so sp_dropextendedproc reports them as not existing; restrict
-- EXECUTE on them in msdb instead (dropping them breaks SQL Server Agent).
exec master..sp_dropextendedproc sp_add_job
exec master..sp_dropextendedproc sp_addtask
exec master..sp_dropextendedproc xp_regread
exec master..sp_dropextendedproc xp_regwrite
exec master..sp_dropextendedproc xp_readwebtask
exec master..sp_dropextendedproc xp_makewebtask
exec master..sp_dropextendedproc xp_regremovemultistring
Example of what the default public grant allows: exec xp_dirtree 'c:' 1,1 (lists C:\ one level deep, files included)
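The following T-SQL is an added example, not part of the original post: rather than dropping system objects, it inventories which of the listed procedures exist on a SQL Server 2005 or later instance, shows whether public holds EXECUTE on each, revokes that grant, and disables xp_cmdshell and OLE Automation through sp_configure. It assumes it is run as sysadmin in master.

```sql
-- Added example (not from the original post): audit and harden instead of drop.
-- Assumption: executed as sysadmin; the @risky list is the one from the post.
USE master;
GO
DECLARE @risky TABLE (name sysname);
INSERT INTO @risky (name) VALUES
  ('sp_makewebtask'), ('xp_cmdshell'), ('xp_dirtree'), ('xp_fileexist'),
  ('xp_terminate_process'), ('sp_OAMethod'), ('sp_OACreate'),
  ('xp_regaddmultistring'), ('xp_regdeletekey'), ('xp_regdeletevalue'),
  ('xp_regenumkeys'), ('xp_regenumvalues'), ('xp_regread'), ('xp_regwrite'),
  ('xp_readwebtask'), ('xp_makewebtask'), ('xp_regremovemultistring');

-- 1. Inventory: which procedures exist here, and does "public" hold EXECUTE?
SELECT r.name,
       ISNULL(o.type_desc, 'ABSENT') AS object_type,
       ISNULL(p.state_desc, 'none')  AS public_execute
FROM @risky AS r
LEFT JOIN sys.all_objects AS o
       ON o.name = r.name AND o.schema_id = SCHEMA_ID('dbo')
LEFT JOIN sys.database_permissions AS p
       ON p.class = 1                         -- object-level permission
      AND p.major_id = o.object_id
      AND p.permission_name = 'EXECUTE'
      AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
ORDER BY r.name;

-- 2. Revoke the public EXECUTE grant on every listed procedure that exists.
--    This closes the injection path without deleting system objects.
DECLARE @sql nvarchar(max);
SET @sql = N'';
SELECT @sql = @sql + N'REVOKE EXECUTE ON ' + QUOTENAME(o.name)
                   + N' FROM public;' + CHAR(10)
FROM @risky AS r
JOIN sys.all_objects AS o
  ON o.name = r.name AND o.schema_id = SCHEMA_ID('dbo');
PRINT @sql;                    -- review the generated statements first
EXEC sys.sp_executesql @sql;
GO

-- 3. Disable the features themselves; re-enabling requires an explicit,
--    logged configuration change even for sysadmin callers.
EXEC sp_configure 'show advanced options', 1;       RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;                 RECONFIGURE;
EXEC sp_configure 'Ole Automation Procedures', 0;   RECONFIGURE;

-- 4. Verify both options now report 0 in value_in_use.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures');
```

The sp_add_job and sp_addtask entries from the post are deliberately absent from the list because they live in msdb; handle them there with REVOKE EXECUTE rather than in master.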