[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] SQL Injection + Stored Procedures
From: m.delibero () comcast ! net
Date: 2006-10-31 20:42:25
Message-ID: 103120062042.19169.4547B531000861CE00004AE12200761438019D0A0D07040A0BD203 () comcast ! net
[Download RAW message or body]
Andres,
Stored procedures are saved in the syscomments table in the text field. They are then tied \
to the sysobjects table by the field id.
SELECT sc.Text FROM syscomments sc
JOIN sysobjects so ON so.id = sc.id
WHERE so.Name LIKE '%PROC_NAME%'
That query would retrieve the body of the stored procedure based on the stored procedure name. \
Be warned that the stored procedure body can be in multiple rows depending on how big the sp \
is.
Thanks,
Mike de Libero
-------------- Original message ----------------------
From: "Andres Molinetti" <andymolinetti@hotmail.com>
> HI,
>
> Does anyone know how to get the body of a stored procedure in MS SQL
> Server through a SELECT statement?
>
> In other words, are the Stored Procedures bodies saved in any accesible
> system table?
>
> Cheers,
>
> Andy.
>
> _________________________________________________________________
> Grandes �xitos, superh�roes, imitaciones, cine y TV...
> http://es.msn.kiwee.com/ Lo mejor para tu m�vil.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic