Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

SQL Server Vulnerability details
From: chipandrews () USA NET (Chip Andrews)
Date: Sat, 18 Mar 2000 17:40:48 -0500

Due to the apparent blackout of information about the "SQL Query Abuse"
advisory http://www.microsoft.com/technet/security/bulletin/ms00-014.asp I
wanted to point any interested parties to an English description of the
vulnerability by Sven Hammesfahr.  The detailed description is on his
website at

http://itrain.de/sql/knowhow/security/openrowsete.htm

Also, the "little trick" he refers to is in my opinion the addition of SET
FMTONLY OFF before the execute statement to keep the query from returning
metadata only.  An example exploit would be:

SELECT * FROM OPENROWSET('SQLOLEDB','Trusted_Connection=Yes;Data
Source=myserver','SET FMTONLY OFF execute master..xp_cmdshell "dir c:\"')

Test your servers ASAP to keep from becoming a statistic...

-----------------------------------------
Chip Andrews, MCSE+I, MCSD
http://www.sqlsecurity.com
http://www.eexams.com
------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]