• pete callaghan (2/2/2010)


    It will challenge the religious dogma from all the jobsworths out there, but I would love to find just one REAL example of a security breach via xp_cmdshell.

    Yes a malicious employee or an external user of a poorly written site could potentially execute anything that’s permitted in the context of the SQL service account. But in the real world has anyone in a position to exploit this ever done anything they couldn’t have done via many other methods? ...

    I am quite curious about this myself. As I mentioned in another post, I have seen areas where an employee *could have* used xp_cmdshell to perform a privilege escalation or other forms of nastiness, but I have never heard of it actually being done anywhere. And I quickly closed that particular loophole without disabling xp_cmdshell. People could still have used xp_cmdshell to do horrible things, but after I changed the settings they could only have done things that they could have done in other ways.

    Does anyone know of an actual real-world exploit of xp_cmdshell? What about one where the xp_cmdshell was set up intelligently and still used in an exploit?

    ---
    Timothy A Wiseman
    SQL Blog: http://timothyawiseman.wordpress.com/