bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/50690.txt
Offensive Security ad453a2c73 DB: 2022-02-03 
17 changes to exploits/shellcodes

CONTPAQi(R) AdminPAQ 14.0.0 - Unquoted Service Path
Mozilla Firefox 67 - Array.pop JIT Type Confusion
Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
Chamilo LMS 1.11.14 - Account Takeover
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
PHP Restaurants 1.0 - SQLi (Unauthenticated)
Moodle 3.11.4 - SQL Injection
Huawei DG8045 Router 1.0 - Credential Disclosure
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
2022-02-03 05:01:57 +00:00

38 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

# Exploit Title: CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path
# Discovery by: Angel Canseco
# Discovery Date: 2022-01-16
# Software Link: https://www.contpaqi.com/descargas
# Tested Version: 14.0.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 pro x64 english
# Step to discover Unquoted Service Path:
C:\Users\test>wmic service get name, displayname, pathname, startmode |
findstr /i "Auto" | findstr /i "AppKeyLicenseServer_CONTPAQi"
Servidor de Licencias CONTPAQir AppKeyLicenseServer_CONTPAQi
C:\Program Files (x86)\Compac\Servidor de
Licencias\AppkeyLicenseServer\AppKeyLicenseServer.exe Auto
C:\Users\test>sc qc "AppKeyLicenseServer_CONTPAQi"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: AppKeyLicenseServer_CONTPAQi
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Compac\Servidor de
Licencias\AppkeyLicenseServer\AppKeyLicenseServer.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Servidor de Licencias CONTPAQi®
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
#Exploit:
A successful attempt would cause the local user to be able to insert their
code in the system root path undetected by the OS or other security
applications and elevate his privileges after reboot.
Reference in a new issue View git blame Copy permalink