System

These procedures access the Windows operating system directly to return information or to manage files and processes.

xp_availablemedia: Shows the physical drives on the server.

xp_cmdshell: Allows execution of operating system commands in the security context of the SQL Server service. The most powerful and widely abused stored procedure.

xp_displayparamstmt: Older versions are vulnerable to buffer overflow attacks. Undocumented, it can be used to execute SQL queries but its original purpose is unclear.

xp_dropwebtask: Deletes a defined web job (instruction to render the result of a query into an HTML file).

xp_enumerrorlogs: Displays the error logs used by SQL Server.

xp_enumgroups: Lists the Windows user groups defined on the server.

xp_eventlog: Used to read the Windows event logs.

xp_execresultset: An undocumented procedure used to execute a number of commands passed as a resultset. Can be abused to quickly perform brute-force attacks against passwords if the password dictionary is available as a resultset.

xp_fileexist: Tests if a specified file exists on the server's filesystem.

xp_fixeddrives: Returns information about the server's drives and free space.

xp_getfiledetails: Returns information about a particular file on the server, such as its size, creation date, and last modified date.

xp_getnetname: Shows the server's network name. This could allow an attacker to guess the names of other machines on the network.

xp_grantlogin: Used to grant a Windows user or group access to the SQL Server.

xp_logevent: Writes a custom event to the SQL Server and Windows error log. Could be abused to corrupt the server's audit trail.

xp_loginconfig: Divulges information about the authentication method used by the server and the current auditing settings.

xp_logininfo: Shows the SQL Server's users and groups.

xp_makewebtask: Creates a webtask, which is used to output table data to an HTML file. Could be used to retrieve data using the Web.

xp_msver: Provides more information about the SQL Server than just its version. This includes the Windows patch and service pack level.

xp_ntsec_enumdomains: Lists the Windows domains accessed by the server.

xp_perfsample: Used with the SQL Server performance monitor.

xp_perfstart: Used with the SQL Server performance monitor.

xp_printstatements: An undocumented procedure that returns the result of a query.

xp_readerrorlog: Used to view the SQL Server error log. Can also be used to view any file on the local filesystem accessible to the SQL Server process.

xp_revokelogin: Revokes access to the SQL Server from a Windows user or group.

xp_runwebtask: Executes a defined webtask, which outputs SQL Server table data to an HTML file.

xp_servicecontrol: Used to start, stop, pause, and un-pause Windows services.

sp_MSSetServerProperties: Sets whether the SQL Server starts automatically or manually on reboot. Could be used to DoS the server, or stop the server starting so that an attacker can access a shell on the SQL Server port.

xp_snmp_getstate: Returns the current state of the SQL Server using SNMP (Simple Network Management Protocol). Removed after SQL Server 6.5.

xp_snmp_raisetrap: Sends an SNMP trap (alert) to an SNMP client. Removed after SQL Server 6.5.

xp_sprintf: Similar to the C sprintf function, used to create an output string from multiple inputs. Could be used to create executable commands.

xp_sqlinventory: Prior to SQL Server 2000, returns information about the server's installation and configuration settings.

xp_sqlregister: Prior to SQL Server 2000, broadcasts server configuration details used by xp_sqlinventory.

xp_sqltrace: Prior to SQL Server 2000, returns information on the audit traces set, and their activity.

xp_sscanf: Similar to the C function sscanf, used to extract variables from a text string in a certain format. Could help an attacker create executable commands.

xp_subdirs: Displays all of a directory's subdirectories.

xp_terminate_process: Used to kill a Windows process with a specific ID. An attacker could use this to disable anti-virus or firewall software on the host.

xp_unc_to_drive: Converts a UNC (Universal Naming Convention) address to a corresponding local drive.



Database Hacker's Handbook. Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
