bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/50184.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

22 lines
No EOL
1.1 KiB
Text
Raw Permalink Blame History

# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation
# Date: 2021-08-06
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com
# Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe
# Version: 1.7
# Tested on: Windows 10 Pro 20H2 x64
# CVE: CVE-2021-35312
Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,
from website gestionaleamica.com), a CIR 2000 srl / Bisanzio Software srl
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable
"RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it
with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.
C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe
C:\AmicaProdigy\RemoteBackup.Service.exe
NT AUTHORITY\Authenticated Users:(I)(M) NT
AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.
Reference in a new issue View git blame Copy permalink