Several dangerous extended stored procedures

2022-04-04 05:05:17

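MSSQL databases contain several dangerous extended stored procedures on which the public group has execute permission by default. An SQL injection attacker can use them to read file directories and user groups, can write dangerous scripts to the server by first writing them into the database and then exporting them as a file in order to escalate privileges further, or can directly use certain stored procedures, such as xp_cmdshell, to execute commands. These stored procedures are: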

sp_makewebtask

xp_cmdshell

xp_dirtree

xp_fileexist

xp_terminate_process

sp_oamethod

sp_oacreate

xp_regaddmultistring

xp_regdeletekey

xp_regdeletevalue

xp_regenumkeys

xp_regenumvalues

sp_add_job

sp_addtask

xp_regread

xp_regwrite

xp_readwebtask

xp_makewebtask

xp_regremovemultistring

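Countermeasure: delete the stored procedures listed above or their executable files, or change the execute permission that the relevant user groups hold on them. The script for deleting the stored procedures above is: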

drop procedure sp_makewebtask

exec master..sp_dropextendedproc xp_cmdshell

exec master..sp_dropextendedproc xp_dirtree

exec master..sp_dropextendedproc xp_fileexist

exec master..sp_dropextendedproc xp_terminate_process

exec master..sp_dropextendedproc sp_oamethod

exec master..sp_dropextendedproc sp_oacreate

exec master..sp_dropextendedproc xp_regaddmultistring

exec master..sp_dropextendedproc xp_regdeletekey

exec master..sp_dropextendedproc xp_regdeletevalue

exec master..sp_dropextendedproc xp_regenumkeys

exec master..sp_dropextendedproc xp_regenumvalues

exec master..sp_dropextendedproc sp_add_job

exec master..sp_dropextendedproc sp_addtask

exec master..sp_dropextendedproc xp_regread

exec master..sp_dropextendedproc xp_regwrite

exec master..sp_dropextendedproc xp_readwebtask

exec master..sp_dropextendedproc xp_makewebtask

exec master..sp_dropextendedproc xp_regremovemultistring 

Example: exec xp_dirtree 'c:',1,1
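
An added audit query (not part of the original page) for the countermeasure above: it reports which of the listed procedures exist in master, whether public holds EXECUTE on them, and a REVOKE statement to review for each hit. It assumes SQL Server 2008 or later and the catalog views sys.all_objects, sys.database_permissions and sys.configurations; sp_add_job normally lives in msdb, so run the same query there as well.

```sql
-- Added example, not from the original page. Read-only: it changes nothing.
USE master;
GO

-- Procedure names copied (lower-cased) from the list on this page.
DECLARE @risky TABLE (name sysname PRIMARY KEY);
INSERT INTO @risky (name) VALUES
    ('sp_makewebtask'), ('xp_cmdshell'), ('xp_dirtree'), ('xp_fileexist'),
    ('xp_terminate_process'), ('sp_oamethod'), ('sp_oacreate'),
    ('xp_regaddmultistring'), ('xp_regdeletekey'), ('xp_regdeletevalue'),
    ('xp_regenumkeys'), ('xp_regenumvalues'), ('sp_add_job'), ('sp_addtask'),
    ('xp_regread'), ('xp_regwrite'), ('xp_readwebtask'), ('xp_makewebtask'),
    ('xp_regremovemultistring');

-- One row per listed name: is it present here, and can public execute it?
SELECT r.name AS listed_name,
       o.type_desc,
       CASE WHEN o.object_id IS NULL THEN 'absent' ELSE 'present' END AS in_this_db,
       CASE WHEN p.major_id IS NULL THEN 'no' ELSE 'yes' END AS public_can_execute,
       -- Statement to review and run by hand; NULL when there is nothing to revoke.
       CASE WHEN p.major_id IS NOT NULL
            THEN 'REVOKE EXECUTE ON ' + QUOTENAME(SCHEMA_NAME(o.schema_id))
                 + '.' + QUOTENAME(o.name) + ' FROM public;'
       END AS suggested_fix
FROM @risky AS r
LEFT JOIN sys.all_objects AS o
       ON LOWER(o.name) = r.name          -- tolerate case-sensitive collations
      AND o.type IN ('P', 'X', 'PC')      -- SQL, extended and CLR procedures
LEFT JOIN sys.database_permissions AS p
       ON p.class = 1                     -- object-level permission
      AND p.major_id = o.object_id
      AND p.minor_id = 0
      AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
      AND p.permission_name = 'EXECUTE'
      AND p.state IN ('G', 'W')           -- GRANT or GRANT WITH GRANT OPTION
ORDER BY public_can_execute DESC, r.name;

-- xp_cmdshell is additionally gated by a server option; 0 means disabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
```

Rows marked 'absent' need no action on that instance; rows with public_can_execute = 'yes' are the ones the permission change in the countermeasure applies to.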
