SQL Server 7.0 still vulnerable after all service packs


Post by Michael Evanch » Fri, 31 Jan 2003 20:06:53



c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
dos command here'" -l10000 -t10000 -E >nul

This still seems to work on me.  Can I rename xp_cmdshell? I know I
haven't had to use it.

 
 
 


Post by Aaron Bertrand [MVP » Fri, 31 Jan 2003 20:37:35


And after you do this?

REVOKE EXEC ON xp_cmdshell TO guest

--
Aaron Bertrand, SQL Server MVP
http://www.aspfaq.com/

Please reply in the newsgroups, but if you absolutely
must reply via e-mail, please take out the TRASH.


> c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
> dos command here'" -l10000 -t10000 -E >nul

> This still seems to work on me.  Can i rename xp_cmdshell?, i know i
> havent had to use it.


 
 
 


Post by Tibor Karasz » Fri, 31 Jan 2003 23:03:38


Small typo from Aaron :-)

... FROM guest

Or perhaps even:

DENY EXEC ON xp_cmdshell TO guest

--
Tibor Karaszi, SQL Server MVP
Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> And after you do this?

> REVOKE EXEC ON xp_cmdshell TO guest

> --
> Aaron Bertrand, SQL Server MVP
> http://www.aspfaq.com/

> Please reply in the newsgroups, but if you absolutely
> must reply via e-mail, please take out the TRASH.



> > c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
> > dos command here'" -l10000 -t10000 -E >nul

> > This still seems to work on me.  Can i rename xp_cmdshell?, i know i
> > havent had to use it.
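
An added T-SQL example, not part of any post in this thread: one way to apply and check the `REVOKE ... FROM` and `DENY` statements suggested above, run by a sysadmin login in the `master` database. It relies only on the system procedure `sp_helprotect`; the comment about the `public` role is general SQL Server behaviour, not something stated in the thread.

```sql
-- Added example: run from isql or Query Analyzer as a sysadmin login.
-- xp_cmdshell lives in master, so permissions on it are managed there.
USE master
GO

-- 1. Before changing anything, list every permission recorded on
--    xp_cmdshell (grantee, grantor, Grant/Deny, action).
EXEC sp_helprotect 'xp_cmdshell'
GO

-- 2. REVOKE (BOL syntax uses FROM) removes a permission that was
--    granted or denied directly to guest.
REVOKE EXECUTE ON xp_cmdshell FROM guest
GO

-- 3. guest is also a member of the public role, so a GRANT made to
--    public would still let guest execute the procedure after step 2.
--    DENY takes precedence over any GRANT, including inherited ones.
DENY EXECUTE ON xp_cmdshell TO guest
GO

-- 4. Confirm that a Deny row for guest is now recorded.
EXEC sp_helprotect 'xp_cmdshell', 'guest'
GO
```

After step 4, repeating the isql test from the first post with the same guest connection should return a permission error instead of running the command.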

 
 
 


Post by Aaron Bertrand [MVP » Fri, 31 Jan 2003 23:23:42


Hmmm, I ran the statement as is and it seemed to work, maybe both FROM and
TO are accepted?

--
Aaron Bertrand, SQL Server MVP
http://www.aspfaq.com/

Please reply in the newsgroups, but if you absolutely
must reply via e-mail, please take out the TRASH.



> Small typo from Aaron :-)

> ... FROM guest

> Or perhaps even:

> DENY EXEC ON xp_cmdshell TO guest

> --
> Tibor Karaszi, SQL Server MVP
> Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> > And after you do this?

> > REVOKE EXEC ON xp_cmdshell TO guest

> > --
> > Aaron Bertrand, SQL Server MVP
> > http://www.aspfaq.com/

> > Please reply in the newsgroups, but if you absolutely
> > must reply via e-mail, please take out the TRASH.



> > > c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
> > > dos command here'" -l10000 -t10000 -E >nul

> > > This still seems to work on me.  Can i rename xp_cmdshell?, i know i
> > > havent had to use it.

 
 
 


Post by Tibor Karasz » Fri, 31 Jan 2003 23:31:07


Indeed Aaron. I was only going by BOL, never tried to REVOKE TO...

--
Tibor Karaszi, SQL Server MVP
Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> Hmmm, I ran the statement as is and it seemed to work, maybe both FROM and
> TO are accepted?

> --
> Aaron Bertrand, SQL Server MVP
> http://www.aspfaq.com/

> Please reply in the newsgroups, but if you absolutely
> must reply via e-mail, please take out the TRASH.



> > Small typo from Aaron :-)

> > ... FROM guest

> > Or perhaps even:

> > DENY EXEC ON xp_cmdshell TO guest

> > --
> > Tibor Karaszi, SQL Server MVP
> > Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> > > And after you do this?

> > > REVOKE EXEC ON xp_cmdshell TO guest

> > > --
> > > Aaron Bertrand, SQL Server MVP
> > > http://www.aspfaq.com/

> > > Please reply in the newsgroups, but if you absolutely
> > > must reply via e-mail, please take out the TRASH.



> > > > c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
> > > > dos command here'" -l10000 -t10000 -E >nul

> > > > This still seems to work on me.  Can i rename xp_cmdshell?, i know i
> > > > havent had to use it.

 
 
 


Post by Aaron Bertrand [MVP » Fri, 31 Jan 2003 23:39:09


Right, in English it doesn't make a whole lot of sense.  But I could
certainly come up with worse examples of T-SQL code that translate horribly
to English grammar.  :-)

--
Aaron Bertrand, SQL Server MVP
http://www.aspfaq.com/

Please reply in the newsgroups, but if you absolutely
must reply via e-mail, please take out the TRASH.



> Indeed Aaron. I was only going by BOL, never tried to REVOKE TO...

> --
> Tibor Karaszi, SQL Server MVP
> Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> > Hmmm, I ran the statement as is and it seemed to work, maybe both FROM and
> > TO are accepted?

> > --
> > Aaron Bertrand, SQL Server MVP
> > http://www.aspfaq.com/

> > Please reply in the newsgroups, but if you absolutely
> > must reply via e-mail, please take out the TRASH.

> > "Tibor Karaszi"



> > > Small typo from Aaron :-)

> > > ... FROM guest

> > > Or perhaps even:

> > > DENY EXEC ON xp_cmdshell TO guest

> > > --
> > > Tibor Karaszi, SQL Server MVP
> > > Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sql...



> > > > And after you do this?

> > > > REVOKE EXEC ON xp_cmdshell TO guest

> > > > --
> > > > Aaron Bertrand, SQL Server MVP
> > > > http://www.aspfaq.com/

> > > > Please reply in the newsgroups, but if you absolutely
> > > > must reply via e-mail, please take out the TRASH.



> > > > > c:\isql -S192.168.0.120 -Uguest -Q"master.dbo.xp_cmdshell 'enter your
> > > > > dos command here'" -l10000 -t10000 -E >nul

> > > > > This still seems to work on me.  Can i rename xp_cmdshell?, i know i
> > > > > havent had to use it.