1、删除危险存储过程
use master
EXEC sp_dropextendedproc 'xp_cmdshell'
EXEC sp_dropextendedproc 'Sp_OACreate'
EXEC sp_dropextendedproc 'Sp_OADestroy'
EXEC sp_dropextendedproc 'Sp_OAGetErrorInfo'
EXEC sp_dropextendedproc 'Sp_OAGetProperty'
EXEC sp_dropextendedproc 'Sp_OAMethod'
EXEC sp_dropextendedproc 'Sp_OASetProperty'
EXEC sp_dropextendedproc 'Sp_OAStop'
EXEC sp_dropextendedproc 'Xp_regaddmultistring'
EXEC sp_dropextendedproc 'Xp_regdeletekey'
EXEC sp_dropextendedproc 'Xp_regdeletevalue'
EXEC sp_dropextendedproc 'Xp_regenumvalues'
EXEC sp_dropextendedproc 'Xp_regread'
EXEC sp_dropextendedproc 'Xp_regremovemultistring'
EXEC sp_dropextendedproc 'Xp_regwrite'
drop procedure sp_makewebtask
xp_cmdshell 扩展存储过程将命令字符串作为操作系统命令 shell 执行,并以文本行的形式返回所有输出;如果没有删除,那么可以采用http://site/show.asp?id=1001 and 1=(select IS_SRVROLEMEMBER('sysadmin'))方式来判断是否该站点用户是否具有sysadmin权限,一但sa口令被暴力破解,则利用xp_cmdshell在sql server里执行操作系统命令,如创建系统管理员账号;sql server 2000默认此命令是开放的,sql server 2005默认是关闭的;
--2、恢复
use master
EXEC sp_addextendedproc xp_cmdshell,'xplog70.dll'
EXEC sp_addextendedproc Sp_OACreate, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OADestroy, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OAGetErrorInfo, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OAGetProperty, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OAMethod, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OASetProperty, 'odsole70.dll'
EXEC sp_addextendedproc Sp_OAStop, 'odsole70.dll'
EXEC sp_addextendedproc Xp_regaddmultistring, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regdeletekey, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regdeletevalue, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regenumvalues, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regread, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regremovemultistring, 'xpstar.dll'
EXEC sp_addextendedproc Xp_regwrite, 'xpstar.dll'
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
