Re: xp_cmdshell with low permission

From: Hanserl (tomiknocker@hotmail.com)
Date: Sun Oct 16 2005 - 16:00:43 EDT

• Next message: Carl: "Hey there"
• Previous message: rob havelt: "Re: Pen test - Attorney client Privilege?"
• In reply to: Frederic Charpentier: "xp_cmdshell with low permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

you could try if you can instantiate COM objects and go from there. there
are a couple of SPs that support this (they are starting with oa) eg.
oaCreate.

----- Original Message -----
From: "Frederic Charpentier" <fcharpen@xmcopartners.com>
To: <pen-test@securityfocus.com>
Sent: Saturday, October 15, 2005 7:40 AM
Subject: xp_cmdshell with low permission

> Hello all,
>
> I'm conducting a pentest on a IIS/Coldfusion/MSSQL server.
> I've found a sql injection flaw, but the server does not allow me to run
> "xp_cmdshell" commands.
>
> I use the following trick : exec master.dbo.xp_cmdshell "dir"; --
>
> The server response :
> EXECUTE permission denied on object 'xp_cmdshell', database 'master',
> owner 'dbo'.
>
> I understand the coldfusion script use a low privileged user. So, two
> questions :
>
> - Is there another way to use xp_cmdshell ?
> - Is it possible to change the current user ? (like
> http://../script?param=1';user(sa,"sa");exec master.dbo.xp_cmdshell
> "dir"; --
>
> Thanks in advance for ideas.
>
> FRED
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Carl: "Hey there"
• Previous message: rob havelt: "Re: Pen test - Attorney client Privilege?"
• In reply to: Frederic Charpentier: "xp_cmdshell with low permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:04 EDT