Once met, almost crazy, there is a friend of MSSQL, just try it and delete the following components. Of course, the premise is that you have to do your own database after the deletion, or the component removed many functions can not be used, in order to be safe, you have to sacrifice some features, of course, like me, I, in addition to the MSSQL import, Basically less than two times a year, so I will not hesitate to delete, hey.
First, delete the SQL procedure with security issues. More comprehensive. Everything for safety!
Delete the call shell, registry, COM component's corrupted permissions
MS SQL SERVER2000
Log in to Query Analyzer with System account
Run the following script
Copy Code code as follows:
Use master
Exec sp_dropextendedproc ' xp_cmdshell '
exec sp_dropexte Ndedproc ' xp_enumgroups '
exec sp_dropextendedproc ' xp_loginconfig '
exec sp_dropextendedproc ' xp_enumerrorlogs '
exec sp_dropextendedproc ' xp_getfiledetails '
exec sp_dropextendedproc ' sp_oacreate '
exec sp_dropextend Edproc ' sp_OADestroy '
exec sp_dropextendedproc ' sp_OAGetErrorInfo '
exec sp_dropextendedproc ' sp_OAGetProperty '
exec sp_dropextendedproc ' sp_OAMethod '
exec sp_dropextendedproc ' sp_OASetProperty '
exec Sp_dropextende Dproc ' sp_oastop '
exec sp_dropextendedproc ' xp_regaddmultistring '
exec sp_dropextendedproc ' Xp_regdeletekey '
Exec sp_dropextendedproc ' xp_regdeletevalue '
exec sp_dropextendedproc ' xp_regenumvalues '
exec sp_dropexte Ndedproc ' xp_regremovemultistring '
exec sp_dropextendedproc ' xp_regwrite '
drop procedure sp_makewebtask
Go
Remove all dangerous extensions.
exec sp_dropextendedproc ' xp_cmdshell ' [will not be able to connect to the database remotely after this extension is removed]
The following 3 stored procedures are used when SQL Server restores a backup, not necessary do not delete
#exec sp_dropextendedproc ' xp_dirtree ' [delete this extension, you will not be able to create a new or additional database]
#exec sp_dropextendedproc ' xp_regread ' [restore database assist after removing this extension]
#exec sp_dropextendedproc ' xp_fixeddrives ' [the database cannot be restored after this extension is deleted]
Recovery Scripts
Copy Code code as follows:
Use master
EXEC sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll '
EXEC sp_addextendedproc xp_enumgroups, @dllname = ' Xplog70.dll '
EXEC sp_addextendedproc xp_loginconfig, @dllname = ' Xplog70.dll '
EXEC sp_addextendedproc xp_enumerrorlogs, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_getfiledetails, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc sp_oacreate, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_OADestroy, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_OAGetErrorInfo, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_oagetproperty, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_OAMethod, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_OASetProperty, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc sp_oastop, @dllname = ' Odsole70.dll '
EXEC sp_addextendedproc xp_regaddmultistring, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regdeletekey, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regdeletevalue, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regenumvalues, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regremovemultistring, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regwrite, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_dirtree, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_regread, @dllname = ' Xpstar.dll '
EXEC sp_addextendedproc xp_fixeddrives, @dllname = ' Xpstar.dll '
Go
Copy all to SQL Query Analyzer
Clicking on the menu-"Query"-"execute" will remove the SQL process with security issues
two, SQL Server 2000 vulnerability has been a lot
Some time ago my own server has a SQL temporary storage process Vulnerability
Vulnerability extension: Xp_dirtree storage process
Beforehand: A vulnerability was recently found to be caused by SQL Server
Just a few days ago, there is nothing to use a SQL injection tool for the server to inject their own servers, accidentally found the use of MSSQL Web site can be used in the form of SQL injection of the entire server directory (my server security settings) can still be seen, Then a grab tool is installed on the server to grab the SQL Server, use the tool to connect SQL vulnerabilities Xp_dirtree read the directory, you can get the entire server directory, such as listing the C disk directory He will list all the directories under your C-disk, which is very unsafe, At present is only able to investigate the catalogue to wear things, we can imagine, if I arbitrarily modify a Boot.ini cover the C-disk boot.ini is a concept, OH first can cause service its paralysis, unable to read the system
Solution: Delete xp_dirtree, command is Sp_dropextendedproc ' Xp_dirtree '
Delete the above build you are using a D or any of the SQL injection tools are in vain
Here also to provide you with some other SQL dangerous storage process
Suggested deletion
[Note: All operations that delete SQL stored procedures must be operated in the MSSQL Query Analyzer, which is preceded by the name of the stored procedure and the command to delete the stored procedure]
First, list the dangerous built-in stored procedures:
| xp_cmdshell |
Sp_dropextendedproc ' xp_cmdshell ' |
| Xp_regaddmultistring |
Sp_dropextendedproc ' xp_regaddmultistring ' |
| Xp_regdeletekey |
Sp_dropextendedproc ' Xp_regdeletekey ' |
| Xp_regdeletevalue |
Sp_dropextendedproc ' Xp_regdeletevalue ' |
| Xp_regenumkeys |
Sp_dropextendedproc ' Xp_regenumkeys ' |
| Xp_regenumvalues |
Sp_dropextendedproc ' Xp_regenumvalues ' |
| Xp_regread |
Sp_dropextendedproc ' Xp_regread ' |
| Xp_regremovemultistring |
Sp_dropextendedproc ' xp_regremovemultistring ' |
| Xp_regwrite |
Sp_dropextendedproc ' Xp_regwrite ' |
ActiveX Scripts:
| sp_OACreate |
Sp_dropextendedproc ' sp_OACreate ' |
| sp_OADestroy |
Sp_dropextendedproc ' sp_OADestroy ' |
| sp_OAMethod |
Sp_dropextendedproc ' sp_OAMethod ' |
| sp_OAGetProperty |
Sp_dropextendedproc ' sp_OAGetProperty ' |
| sp_OAGetErrorInfo |
Sp_dropextendedproc ' sp_OAGetErrorInfo ' |
| sp_OAStop |
Sp_dropextendedproc ' sp_OAStop ' |
