Users login

Create an account »


Users login

Home » Hacking News » Microsoft SQL Server Webtasks privilege upgrade

Microsoft SQL Server Webtasks privilege upgrade

by Nikola Strahija on October 17th, 2002 Using a number of flaws in the webtask functionality of Microsoft SQL Server an attacker may gain control of the database by elevating their privileges.

The xp_runwebtask stored procedure fails to set permissions properly when
executed and runs with the privileges of the SQL Server. xp_runwebtask can
be executed by 'PUBLIC'.

The permissions of the table that stores webtasks, namely
msdb.dbo.mswebtasks, are set loosely allowing 'PUBLIC' to INSERT, UPDATE,

By updating a webtask owned by the database owner and then running it
through xp_runwebtask an attacker may elevate their privileges. In terms of
exploitation an attacker may choose to run OS commands or add themselves to
the SYSADMIN group.

Fix Information
NGSSoftware alerted Microsoft to these problems on the 23rd of August.
Microsoft has released a patch that addresses these issues. For more details
please see

A check and fix for these problems already exists in NGSSQuirreL, an
advanced SQL Server security management tool, of which more information
is available from the NGSSite:

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »