Vulnerability Extension: xp_dirtree Stored Procedure
Background: I recently discovered a vulnerability caused by SQL Server. A few days ago, I used a SQL injection tool against the website on my own server and found, by accident, that MSSQL can be used to obtain all the directories on the server (my server had security settings applied). I then installed a packet capture tool on the server to capture the SQL Server packets. The tool uses the vulnerable SQL Server procedure xp_dirtree to read directories and obtain the server's entire directory tree; for example, listing drive C lists every directory on drive C, which is very insecure. Currently, we can only investigate and handle the directory wearing things. You can imagine what it would mean if a modified boot.ini overwrote the boot.ini on drive C: first, it could paralyze the service and leave the system unreadable.
Solution: delete xp_dirtree. The command is: sp_dropextendedproc 'xp_dirtree'
Once the procedure above has been deleted, a SQL injection tool can no longer call it to list directories. Here are some other dangerous SQL Server stored procedures, which we recommend you delete as well. [Note: all operations that delete a stored procedure must be performed in the MSSQL Query Analyzer. In the list below, each stored procedure name is followed by the command that deletes it.]
First, the dangerous built-in stored procedures:
xp_cmdshell | sp_dropextendedproc 'xp_cmdshell'
xp_regaddmultistring | sp_dropextendedproc 'xp_regaddmultistring'
xp_regdeletekey | sp_dropextendedproc 'xp_regdeletekey'
xp_regdeletevalue | sp_dropextendedproc 'xp_regdeletevalue'
xp_regenumkeys | sp_dropextendedproc 'xp_regenumkeys'
xp_regenumvalues | sp_dropextendedproc 'xp_regenumvalues'
xp_regread | sp_dropextendedproc 'xp_regread'
xp_regremovemultistring | sp_dropextendedproc 'xp_regremovemultistring'
xp_regwrite | sp_dropextendedproc 'xp_regwrite'
ActiveX script:
sp_OACreate | sp_dropextendedproc 'sp_OACreate'
sp_OADestroy | sp_dropextendedproc 'sp_OADestroy'
sp_OAMethod | sp_dropextendedproc 'sp_OAMethod'
sp_OAGetProperty | sp_dropextendedproc 'sp_OAGetProperty'
sp_OAGetErrorInfo | sp_dropextendedproc 'sp_OAGetErrorInfo'
sp_OAStop | sp_dropextendedproc 'sp_OAStop'
Note: deleting certain stored procedures may make some functions of the website unavailable. We therefore recommend removing the EXEC permission of the public group on the extended stored procedures in the master database, which is relatively safe. If nothing breaks, delete them; if something breaks, change it back.
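
An audit for the permission-based approach in the note above, as an added example that is not from the original page: it reports which of the listed procedures the public role can execute in master, and prints a REVOKE statement together with the matching GRANT for changing it back. It assumes SQL Server 2005 or later (the sys catalog views) and a sysadmin login; the statements are only printed for review, not executed.

```sql
-- Added example, not from the original page.
-- Assumes SQL Server 2005 or later and a sysadmin login.
USE master;
GO

-- Procedure names copied from the list on this page, plus xp_dirtree.
DECLARE @procs TABLE (name sysname PRIMARY KEY);
INSERT INTO @procs (name)
SELECT 'xp_dirtree'                        UNION ALL
SELECT 'xp_cmdshell'                       UNION ALL
SELECT 'xp_regaddmultistring'              UNION ALL
SELECT 'xp_regdeletekey'                   UNION ALL
SELECT 'xp_regdeletevalue'                 UNION ALL
SELECT 'xp_regenumkeys'                    UNION ALL
SELECT 'xp_regenumvalues'                  UNION ALL
SELECT 'xp_regread'                        UNION ALL
SELECT 'xp_regremovemultistring'           UNION ALL
SELECT 'xp_regwrite'                       UNION ALL
SELECT 'sp_OACreate'                       UNION ALL
SELECT 'sp_OADestroy'                      UNION ALL
SELECT 'sp_OAMethod'                       UNION ALL
SELECT 'sp_OAGetProperty'                  UNION ALL
SELECT 'sp_OAGetErrorInfo'                 UNION ALL
SELECT 'sp_OAStop';

-- One row per listed procedure: whether it exists, whether public holds
-- EXECUTE on it, and the statements to remove and to restore that grant.
SELECT p.name AS procedure_name,
       CASE WHEN o.object_id IS NULL     THEN 'not present'
            WHEN dp.state IN ('G', 'W')  THEN 'public can EXECUTE'
            ELSE 'no grant to public' END AS finding,
       CASE WHEN dp.state IN ('G', 'W')
            THEN 'REVOKE EXECUTE ON ' + QUOTENAME(SCHEMA_NAME(o.schema_id))
                 + '.' + QUOTENAME(o.name) + ' FROM public;' END AS revoke_stmt,
       CASE WHEN dp.state IN ('G', 'W')
            THEN 'GRANT EXECUTE ON ' + QUOTENAME(SCHEMA_NAME(o.schema_id))
                 + '.' + QUOTENAME(o.name) + ' TO public;' END AS rollback_stmt
FROM @procs AS p
LEFT JOIN sys.all_objects AS o
       ON o.name = p.name
LEFT JOIN sys.database_permissions AS dp
       ON dp.class = 1                    -- object-level permission
      AND dp.major_id = o.object_id
      AND dp.type = 'EX'                  -- EXECUTE
      AND dp.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
ORDER BY p.name;
```

Save the rollback_stmt column before running any revoke_stmt, so the permission can be restored if part of the website stops working.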