i noticed a table named 'd99_tmp' appeared in one of my SQL db from nowhere.
the fields are 'subdirectory', 'dept' and 'file'. And it contains info about
my server harddisk file information.
Does anyone knows where this table comes from?This is a User Created Table.
sp_help d99_tmp: This will help you to find who has created the table and
when?
sp_spaceused d99_tmp: This will tell size of the table and Row Count.
"twlancer" wrote:
> i noticed a table named 'd99_tmp' appeared in one of my SQL db from nowhere.
> the fields are 'subdirectory', 'dept' and 'file'. And it contains info about
> my server harddisk file information.
> Does anyone knows where this table comes from?|||I know the which account was used to create this table. but none of my team
members did it. We changed the password and the table reappear days later.
"Absar Ahmad" wrote:
> This is a User Created Table.
> sp_help d99_tmp: This will help you to find who has created the table and
> when?
> sp_spaceused d99_tmp: This will tell size of the table and Row Count.
> "twlancer" wrote:
> > i noticed a table named 'd99_tmp' appeared in one of my SQL db from nowhere.
> > the fields are 'subdirectory', 'dept' and 'file'. And it contains info about
> > my server harddisk file information.
> >
> > Does anyone knows where this table comes from?|||If noone is owning up to it and it reappears after dropping, trace it or
disable the account and see what fails.
"twlancer" <twlancer@.discussions.microsoft.com> wrote in message
news:39B5254C-87EE-478A-B006-1B80329681A8@.microsoft.com...
>I know the which account was used to create this table. but none of my team
> members did it. We changed the password and the table reappear days later.
> "Absar Ahmad" wrote:
>> This is a User Created Table.
>> sp_help d99_tmp: This will help you to find who has created the table and
>> when?
>> sp_spaceused d99_tmp: This will tell size of the table and Row Count.
>> "twlancer" wrote:
>> > i noticed a table named 'd99_tmp' appeared in one of my SQL db from
>> > nowhere.
>> > the fields are 'subdirectory', 'dept' and 'file'. And it contains info
>> > about
>> > my server harddisk file information.
>> >
>> > Does anyone knows where this table comes from?|||How do I trace? I checked the SQL log and couldnt see any entries on this
d99_tmp table.
"Danny" wrote:
> If noone is owning up to it and it reappears after dropping, trace it or
> disable the account and see what fails.
> "twlancer" <twlancer@.discussions.microsoft.com> wrote in message
> news:39B5254C-87EE-478A-B006-1B80329681A8@.microsoft.com...
> >I know the which account was used to create this table. but none of my team
> > members did it. We changed the password and the table reappear days later.
> >
> > "Absar Ahmad" wrote:
> >
> >> This is a User Created Table.
> >>
> >> sp_help d99_tmp: This will help you to find who has created the table and
> >> when?
> >>
> >> sp_spaceused d99_tmp: This will tell size of the table and Row Count.
> >>
> >> "twlancer" wrote:
> >>
> >> > i noticed a table named 'd99_tmp' appeared in one of my SQL db from
> >> > nowhere.
> >> > the fields are 'subdirectory', 'dept' and 'file'. And it contains info
> >> > about
> >> > my server harddisk file information.
> >> >
> >> > Does anyone knows where this table comes from?
>
>|||Use Profiler to trace.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"twlancer" <twlancer@.discussions.microsoft.com> wrote in message
news:3ABA6BE8-99BB-4454-B053-C7B98804DEBC@.microsoft.com...
> How do I trace? I checked the SQL log and couldnt see any entries on this
> d99_tmp table.
> "Danny" wrote:
>> If noone is owning up to it and it reappears after dropping, trace it or
>> disable the account and see what fails.
>> "twlancer" <twlancer@.discussions.microsoft.com> wrote in message
>> news:39B5254C-87EE-478A-B006-1B80329681A8@.microsoft.com...
>> >I know the which account was used to create this table. but none of my team
>> > members did it. We changed the password and the table reappear days later.
>> >
>> > "Absar Ahmad" wrote:
>> >
>> >> This is a User Created Table.
>> >>
>> >> sp_help d99_tmp: This will help you to find who has created the table and
>> >> when?
>> >>
>> >> sp_spaceused d99_tmp: This will tell size of the table and Row Count.
>> >>
>> >> "twlancer" wrote:
>> >>
>> >> > i noticed a table named 'd99_tmp' appeared in one of my SQL db from
>> >> > nowhere.
>> >> > the fields are 'subdirectory', 'dept' and 'file'. And it contains info
>> >> > about
>> >> > my server harddisk file information.
>> >> >
>> >> > Does anyone knows where this table comes from?
>>|||Sounds like a 3rd party application is creating the table...some sort of
network monitoring thing perhaps given the info being stored. Maybe someone
installed this and pointed the utility to the wrong server/database
combination?
--
Kevin Hill
President
3NF Consulting
www.3nf-inc.com/NewsGroups.htm
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:OsuQ2oB7FHA.3760@.TK2MSFTNGP14.phx.gbl...
> Use Profiler to trace.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "twlancer" <twlancer@.discussions.microsoft.com> wrote in message
> news:3ABA6BE8-99BB-4454-B053-C7B98804DEBC@.microsoft.com...
>> How do I trace? I checked the SQL log and couldnt see any entries on this
>> d99_tmp table.
>> "Danny" wrote:
>> If noone is owning up to it and it reappears after dropping, trace it or
>> disable the account and see what fails.
>> "twlancer" <twlancer@.discussions.microsoft.com> wrote in message
>> news:39B5254C-87EE-478A-B006-1B80329681A8@.microsoft.com...
>> >I know the which account was used to create this table. but none of my
>> >team
>> > members did it. We changed the password and the table reappear days
>> > later.
>> >
>> > "Absar Ahmad" wrote:
>> >
>> >> This is a User Created Table.
>> >>
>> >> sp_help d99_tmp: This will help you to find who has created the table
>> >> and
>> >> when?
>> >>
>> >> sp_spaceused d99_tmp: This will tell size of the table and Row Count.
>> >>
>> >> "twlancer" wrote:
>> >>
>> >> > i noticed a table named 'd99_tmp' appeared in one of my SQL db from
>> >> > nowhere.
>> >> > the fields are 'subdirectory', 'dept' and 'file'. And it contains
>> >> > info
>> >> > about
>> >> > my server harddisk file information.
>> >> >
>> >> > Does anyone knows where this table comes from?
>>
>|||i have the same problem, something has created d99_tmp table in sql 2000
database (with c:\ listing in table). Table was created with login that use
my web site to read and write data (nothing else), so i think its some sort
of hack. Or some automatic hacking/checking tools. Know someone something
more about it?|||"sql2000" <thakx@.hi.com> wrote in message
news:bc15216f81d1471cac3a652d8eb0fdfb@.ureader.com...
>i have the same problem, something has created d99_tmp table in sql 2000
> database (with c:\ listing in table). Table was created with login that
> use
> my web site to read and write data (nothing else), so i think its some
> sort
> of hack. Or some automatic hacking/checking tools. Know someone something
> more about it?
Do you have xp_cmdshell enabled? How much permissions does that web account
have? Does your web server use dynamic SQL?
David|||I'd like to hear if anyone has more information on this issue. I also have a
D99_Tmp table in my database that was created by the user that my web
appication uses. The table contains a directory listing of the "D" drive on
the database server as shown below:
subdirectory depth file
Microsoft SQL Server 1 0
RECYCLER 1 0
System Volume Information 1 0
tlogs_backup 1 0
WUTemp 1 0
This appears to be a SQL injection exploit. What is suprising to me is the
directory listing is correct. The user is a SQL user and not a windows user.
The database server is behind a firewall and can only be accessed via the web
application. Comments? Info? Ideas?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment