Tuesday, August 12, 2008

SQL SERVER 2000 - EXEC master..xp_cmdshell permissions

Extended stored procedures are essentially compiled Dynamic Link Libraries (DLLs) that use a SQL Server specific calling convention to run exported functions. They allow SQL Server applications to have access to the full power of C/C++, and are an extremely useful feature. A number of extended stored procedures are built in to SQL Server, and perform various functions such as sending email and interacting with the registry.
xp_cmdshell is a built-in extended stored procedure that allows the execution of arbitrary command lines. For example:
exec master..xp_cmdshell 'dir'

TO execute any EXE from your stored procedure then you will need to use
XP_cmdshell command. It will successfully execute the exe.

Syntax of cmd shell:-

SET CMDPATH= 'exepath.exe ' +convert(varchar, @param1) + ' ' + convert(varchar,@param2)

Just try it....

No comments: