Back to main page

MS SQL xp_fileexist Stored Procedure

Category:

Application vulnerabilities

Sub-category:

Application exploits

Severity:

high

Description:

Detects attempts to exploit a MicroSoft SQL stored procedure xp_fileexist that allows remote attackers to force the service account to authenticate to the system defined in the SMBProxy option which usually results in local administrative access to the Windows system.