From: http://www.cnblogs.com/lbk/archive/2005/04/28/146973.html
I read a bit about stored procedures yesterday, and I talked about xp_cmdshell. I used to only know that hackers can intrude into your system through MSSQL vulnerabilities. After learning the power of xp_cmdshell, I tried it and it was a bit eye-opening. Here is something about it.
xp_cmdshell allows the system administrator to execute a specified command string in the operating system command-line interpreter and returns any output as lines of text. It is a very powerful extended stored procedure.
In general, xp_cmdshell is not necessary for the administrator. Removing xp_cmdshell will not have any impact on the server.
You can remove xp_cmdshell:
USE master
EXEC sp_dropextendedproc N'xp_cmdshell'
GO
If necessary, you can restore xp_cmdshell:
USE master
EXEC sp_addextendedproc N'xp_cmdshell', N'xplog70.dll'
GO
xp_cmdshell command shell
This is an extended stored procedure used to execute a specified command string and return any output as lines of text.
Syntax:
xp_cmdshell command_string [, no_output]
command_string: the command string to be executed
no_output: do not return the output of the command
Note:
When you grant execute permission on xp_cmdshell to a user, that user can run any operating system command that the account running SQL Server (usually Local System) has the privilege to execute.
Example:
1. EXEC master..xp_cmdshell 'dir *.exe'
Returns the list of executable files.
2. EXEC master..xp_cmdshell 'copy D:\test1.jpg E:\', no_output
No output is returned.
3. In particular, executing:
EXEC master..xp_cmdshell 'net start awhost32'
EXEC master..xp_cmdshell 'net stop awhost32'
You can start and stop remote pcAnywhere services. It is very helpful for remote server operations.
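An audit for the permission note above, as an added example that is not part of the original post. It goes beyond the SQL Server 2000 commands shown here and assumes SQL Server 2005 or later, where xp_cmdshell is switched off with sp_configure instead of being dropped; the service-account query assumes SQL Server 2008 R2 SP1 or later.

```sql
-- Added example: review xp_cmdshell exposure, then disable it.
USE master;
GO

-- 1. Is xp_cmdshell enabled? (enabled = 1 means it can be called)
SELECT name, CAST(value_in_use AS int) AS enabled
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Principals explicitly granted or denied EXECUTE on xp_cmdshell.
SELECT pr.name       AS principal_name,
       pr.type_desc  AS principal_type,
       pe.state_desc AS permission_state
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'sys.xp_cmdshell')
  AND pe.permission_name = N'EXECUTE';

-- 3. Members of sysadmin, who can run it without an explicit grant.
SELECT m.name AS sysadmin_member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 4. The Windows account the service runs as. A highly privileged
--    account here means commands run through xp_cmdshell inherit it.
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 5. Disable xp_cmdshell if nothing legitimate depends on it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO
```

Run steps 1 to 4 first and review the results before applying step 5, since scheduled jobs or maintenance scripts may still call the procedure.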