bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-05-12

Browse source 
1 changes to exploits/shellcodes

Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
This commit is contained in:
Offensive Security 2021-05-12 05:01:57 +00:00
parent 599b380301
commit c3ea8f97de
2 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
exploits/windows/local/49857.txt Normal file
View file

@ -0,0 +1,24 @@
# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
# Exploit Author: 1F98D
# Vendor Homepage: https://www.odoo.com/
# Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
# Tested Version: 12.0.20190101
# Tested on OS: Windows
# Step to discover Unquoted Service Path:
C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"
C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)

1
files_exploits.csv
View file

@ -11323,6 +11323,7 @@ id,file,description,date,author,type,platform,port
49850,exploits/windows/local/49850.txt,"DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
49852,exploits/windows/local/49852.txt,"TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
49857,exploits/windows/local/49857.txt,"Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path",2021-05-11,1F98D,local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139

Can't render this file because it is too large.