SQL Server's e-mail stored procedures can give an attacker a means to submit queries and receive the results from an anonymous account. This undermines the audit trail and could prevent the activity from being traced.
- xp_deletemail: Deletes an e-mail from SQL Server's inbox.
- xp_findnextmsg: Receives a message ID and returns the message ID of the next mail in SQL Server's inbox.
- xp_readmail: Used to either view the inbox or a specific mail.
- xp_sendmail: Sends an e-mail, together with an optional resultset.
- xp_startmail: Used to start a SQL Mail client session.
- xp_stopmail: Used to end a SQL Mail client session.
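
Because these procedures weaken the audit trail, one check is to flag every call to them in statement audit data, and in particular any xp_sendmail call that mails out a resultset. The following Python is an added example, not code from the book; the `timestamp|login|statement` line format, the sample lines and the `scan` helper are assumptions constructed here, and only the named `@query=` form of xp_sendmail is recognised.

```python
import re
from collections import namedtuple

# The six SQL Mail extended stored procedures listed above.
SQL_MAIL_PROCS = ("xp_deletemail", "xp_findnextmsg", "xp_readmail",
                  "xp_sendmail", "xp_startmail", "xp_stopmail")
# \b keeps names such as my_xp_sendmail from matching; case is ignored.
PROC_RE = re.compile(r"\b(" + "|".join(SQL_MAIL_PROCS) + r")\b", re.IGNORECASE)
# xp_sendmail's @query parameter is the "optional resultset" case.
QUERY_ARG_RE = re.compile(r"@query\s*=", re.IGNORECASE)

Finding = namedtuple("Finding", "timestamp login proc sends_resultset")

def scan(lines):
    """Return one Finding per SQL Mail procedure call in the audit lines.

    Assumed (constructed) line format: timestamp|login|statement
    """
    findings = []
    for line in lines:
        parts = line.rstrip("\n").split("|", 2)
        if len(parts) != 3:
            continue  # not an audit record in the assumed format
        timestamp, login, statement = parts
        for match in PROC_RE.finditer(statement):
            proc = match.group(1).lower()
            sends = proc == "xp_sendmail" and bool(QUERY_ARG_RE.search(statement))
            findings.append(Finding(timestamp, login, proc, sends))
    return findings

# Constructed sample audit lines, not taken from a real server.
SAMPLE = [
    "2004-01-10 02:11:07|webapp|EXEC master..xp_startmail",
    "2004-01-10 02:11:09|webapp|EXEC master..xp_sendmail "
    "@recipients='user@example.com', @query='SELECT COUNT(*) FROM orders'",
    "2004-01-10 02:11:12|webapp|EXEC master.dbo.XP_READMAIL",
    "2004-01-10 02:12:30|ops|EXEC master..xp_sendmail "
    "@recipients='dba@example.com', @message='backup complete'",
    "2004-01-10 02:13:00|webapp|SELECT * FROM orders WHERE note = 'my_xp_sendmail'",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        flag = "RESULTSET MAILED OUT" if f.sends_resultset else ""
        print(f.timestamp, f.login, f.proc, flag)
```
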