sqlserver数据库危险扩展删除和恢复代码-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

sqlserver数据库危险扩展删除和恢复代码

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 06:01 PM

delete recover Expand

今天为了实现sqlserver的复制功能，因为以前删除了很多的sqlserver的一些会导致不安全因素的扩展，导致很多功能无法用，没有办法需要重新的恢复扩展。

曾经遇过,差点抓狂,有装MSSQL的朋友,赶紧试一下,删除以下的组件.当然,前提是你要把自己的数据库搞定后再去删除,否则组件删除后很多功能不能用,为了安全,就得牺牲某些功能,当然,像我这类的,我除了把MSSQL导入后,基本上一年用不到两次,所以,我是会毫不犹豫地删除,嘿.

一, 将有安全问题的SQL过程删除.比较全面.一切为了安全!

删除了调用shell，，COM组件的破坏权限

MS SQL SERVER2000
使用系统帐户登陆查询分析器
运行以下脚本
代码如下:
use master
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_dropextendedproc 'xp_enumgroups'
exec sp_dropextendedproc 'xp_loginconfig'
exec sp_dropextendedproc 'xp_enumerrorlogs'
exec sp_dropextendedproc 'xp_getfiledetails'
exec sp_dropextendedproc 'Sp_OACreate'
exec sp_dropextendedproc 'Sp_OADestroy'
exec sp_dropextendedproc 'Sp_OAGetErrorInfo'
exec sp_dropextendedproc 'Sp_OAGetProperty'
exec sp_dropextendedproc 'Sp_OAMethod'
exec sp_dropextendedproc 'Sp_OASetProperty'
exec sp_dropextendedproc 'Sp_OAStop'
exec sp_dropextendedproc 'xp_regaddmultistring'
exec sp_dropextendedproc 'xp_regdeletekey'
exec sp_dropextendedproc 'xp_regdeletevalue'
exec sp_dropextendedproc 'xp_regenumvalues'
exec sp_dropextendedproc 'xp_regremovemultistring'
exec sp_dropextendedproc 'xp_regwrite'
drop procedure sp_makewebtask
go

删除所有危险的扩展.
exec sp_dropextendedproc 'xp_cmdshell' [删除此项扩展后,将无法远程连接数据库]
以下3个存储过程会在SQL SERVER恢复备份时被使用,非必要请勿删除
#exec sp_dropextendedproc 'xp_dirtree' [删除此项扩展后,将无法新建或附加数据库]
#exec sp_dropextendedproc 'Xp_regread' [删除此项扩展后, 还原数据库辅助]
#exec sp_dropextendedproc 'xp_fixeddrives' [删除此项扩展后,将无法还原数据库]

恢复脚本
代码如下:
use master
EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'
EXEC sp_addextendedproc xp_enumgroups ,@dllname ='xplog70.dll'
EXEC sp_addextendedproc xp_loginconfig ,@dllname ='xplog70.dll'
EXEC sp_addextendedproc xp_enumerrorlogs ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_getfiledetails ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc Sp_OACreate ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OADestroy ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OAGetErrorInfo ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OAGetProperty ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OAMethod ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OASetProperty ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc Sp_OAStop ,@dllname ='odsole70.dll'
EXEC sp_addextendedproc xp_regaddmultistring ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regdeletekey ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regdeletevalue ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regenumvalues ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regremovemultistring ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regwrite ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_dirtree ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_regread ,@dllname ='xpstar.dll'
EXEC sp_addextendedproc xp_fixeddrives ,@dllname ='xpstar.dll'
go

全部复制到"SQL查询分析器"

点击菜单上的--"查询"--"执行"，就会将有安全问题的SQL过程删除

二,SQL server 2000漏洞一直很多
　　前段时间我自己的服务器就出现了一个sql的临时储存过程漏洞
　　漏洞扩展：xp_dirtree储存过程

　　事前：最近发现一个漏洞是sql服务器造成的
前几天正好没有什么事情，就用阿d的sql注入工具对自己服务器的网站进行注入，偶然发现了使用mssql的网站浸染可以利用sql注入的形式得到整个服务器上所有目录（我的服务器作了的）依然可以看见，然后在服务器上安装了一个抓包工具对sql server进行抓包发现，使用工具连接sql漏洞xp_dirtree读取目录，可获得整个服务器目录，如列出c盘目录他会把你c盘下的所有目录列出来，这样是很不安全的，目前是只可以查处目录上穿东西，大家可以设想一下，如果我随意修改一个boot.ini覆盖了c盘的boot.ini是一个什么概念，呵呵首先可以导致服务其瘫痪，无法读取系统
解决方案：删除xp_dirtree，命令是sp_dropextendedproc 'xp_dirtree'
删除了以上的那个组建您在使用阿d或者任何的sql注入工具都是白搭

　　在这里也给大家提供一些其他sql危险的储存过程
　　建议删除

　　[注意：所有删除sql储存过程的操作必须在mssql查询分析器里操作，下面哪些前面的是储存过程的名字后面是删除储存过程的命令]

先来列出危险的内置存储过程：

ActiveX脚本：

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Will R.E.P.O. Have Crossplay?

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7549

CakePHP Tutorial

1382

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

How to delete Xiaohongshu notes Mar 21, 2024 pm 08:12 PM

How to delete Xiaohongshu notes? Notes can be edited in the Xiaohongshu APP. Most users don’t know how to delete Xiaohongshu notes. Next, the editor brings users pictures and texts on how to delete Xiaohongshu notes. Tutorial, interested users come and take a look! Xiaohongshu usage tutorial How to delete Xiaohongshu notes 1. First open the Xiaohongshu APP and enter the main page, select [Me] in the lower right corner to enter the special area; 2. Then in the My area, click on the note page shown in the picture below , select the note you want to delete; 3. Enter the note page, click [three dots] in the upper right corner; 4. Finally, the function bar will expand at the bottom, click [Delete] to complete.

Is it true that you can be blocked and deleted on WeChat and permanently unable to be added? Apr 08, 2024 am 11:41 AM

1. First of all, it is false to block and delete someone permanently and not add them permanently. If you want to add the other party after you have blocked them and deleted them, you only need the other party's consent. 2. If a user blocks someone, the other party will not be able to send messages to the user, view the user's circle of friends, or make calls with the user. 3. Blocking does not mean deleting the other party from the user's WeChat contact list. 4. If the user deletes the other party from the user's WeChat contact list after blocking them, there is no way to recover after deletion. 5. If the user wants to add the other party as a friend again, the other party needs to agree and add the user again.

How to restore chat spark on TikTok Mar 16, 2024 pm 01:25 PM

On Douyin, a short video platform full of creativity and vitality, we can not only enjoy a variety of exciting content, but also have in-depth communications with like-minded friends. Among them, chat sparks are an important indicator of the intensity of interaction between the two parties, and they often inadvertently ignite the emotional bonds between us and our friends. However, sometimes due to some reasons, the chat spark may be disconnected. So what should we do if we want to restore the chat spark? This tutorial guide will bring you a detailed introduction to the content strategy, hoping to help everyone. How to restore the spark of Douyin chat? 1. Open the Douyin message page and select a friend to chat. 2. Send messages and chat to each other. 3. If you send messages continuously for 3 days, you can get the spark logo. On a 3-day basis, send pictures or videos to each other

How to delete Xiaohongshu releases? How to recover after deletion? Mar 21, 2024 pm 05:10 PM

As a popular social e-commerce platform, Xiaohongshu has attracted a large number of users to share their daily life and shopping experiences. Sometimes we may inadvertently publish some inappropriate content, which needs to be deleted in time to better maintain our personal image or comply with platform regulations. 1. How to delete Xiaohongshu releases? 1. Log in to your Xiaohongshu account and enter your personal homepage. 2. At the bottom of the personal homepage, find the "My Creations" option and click to enter. 3. On the "My Creations" page, you can see all published content, including notes, videos, etc. 4. Find the content that needs to be deleted and click the "..." button on the right. 5. In the pop-up menu, select the "Delete" option. 6. After confirming the deletion, the content will disappear from your personal homepage and public page.

How to completely delete WeChat File Transfer Assistant_Introduction to how to close WeChat File Transfer Assistant Mar 20, 2024 pm 08:31 PM

WeChat's file transfer assistant is available to every user. Some users use it as a memo to record some things. So how to completely delete WeChat File Transfer Assistant? Let me introduce it to you in detail below. How to completely delete WeChat File Transfer Assistant? Answer: [WeChat]-[Long press File Transfer Assistant]-[Delete this chat]. Specific steps: 1. First open the WeChat software. After entering the home page, we find [File Transfer Assistant] and press and hold; 2. Then a pop-up will be marked as unread, pin the chat to the top, do not display the chat, and delete the chat. Here We can click [Delete this chat];

How to completely delete TikTok chat history May 07, 2024 am 11:14 AM

1. Open the Douyin app, click [Message] at the bottom of the interface, and click the chat conversation entry that needs to be deleted. 2. Long press any chat record, click [Multiple Select], and check the chat records you want to delete. 3. Click the [Delete] button in the lower right corner and select [Confirm deletion] in the pop-up window to permanently delete these records.

How to send files to others on TikTok? How to delete files sent to others? Mar 22, 2024 am 08:30 AM

On Douyin, users can not only share their life details and talents, but also interact with other users. In this process, sometimes we need to send files to other users, such as pictures, videos, etc. So, how to send files to others on Douyin? 1. How to send files to others on Douyin? 1. Open Douyin and enter the chat interface where you want to send files. 2. Click the "+" sign in the chat interface and select "File". 3. In the file options, you can choose to send pictures, videos, audio and other files. After selecting the file you want to send, click "Send". 4. Wait for the other party to accept your file. Once the other party accepts it, the file will be transferred successfully. 2. How to delete files sent to others on Douyin? 1. Open Douyin and enter the text you sent.

How can I retrieve someone else's deleted comment on Xiaohongshu? Will it be displayed if someone else's comment is deleted? Mar 21, 2024 pm 10:46 PM

Xiaohongshu is a popular social e-commerce platform, and interactive comments between users are an indispensable method of communication on the platform. Occasionally, we may find that our comments have been deleted by others, which can be confusing. 1. How can I retrieve someone else’s deleted comments on Xiaohongshu? When you find that your comments have been deleted, you can first try to directly search for relevant posts or products on the platform to see if you can still find the comment. If the comment is still displayed after being deleted, it may have been deleted by the original post owner. At this time, you can try to contact the original post owner to ask the reason for deleting the comment and request to restore the comment. If a comment has been completely deleted and cannot be found on the original post, the chances of it being reinstated on the platform are relatively slim. You can try other ways

See all articles