
17 changes to exploits/shellcodes/ghdb

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
EuroTel ETL3100 - Transmitter Default Credentials
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download
Color Prediction Game v1.0 - SQL Injection
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
Dolibarr Version 17.0.1 - Stored XSS
Global - Multi School Management System Express v1.0- SQL Injection
OVOO Movie Portal CMS v3.3.3 - SQL Injection
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
Taskhub CRM Tool 2.8.6 - SQL Injection
Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
# Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://www.inosoft.com/
# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)
# Tested on: Windows
# CVE: CVE-2023-31468

Inosoft VisiWin is a completely open system with a configurable range of
functions. It combines all features of classic HMI software with
unlimited programming possibilities.
The installation of the solution creates an insecure folder, which
could allow a malicious user to manipulate file content or change
legitimate files (e.g., VisiWin7.Server.Manager.exe, which runs with
SYSTEM privileges) to compromise a system or to gain elevated
privileges.

This is the list of insecure files and folders with their respective
permissions:

C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"
C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)
                                    Everyone:(OI)(CI)(F)
                                    NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\>

--------------------------------------------------------------------------------------------------------------------------------------------------------

C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"
C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)
                                                                                  Everyone:(I)(F)
                                                                                  NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files

C:\>
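
An audit check for the condition shown above, added here as an example (it is not part of the original advisory or of any vendor tooling): it parses icacls output and reports ACEs that give broad principals write-capable rights, noting whether each ACE is inherited. The function names, the English-locale principal list and the FIXED_OUT sample are assumptions made for this example.

```python
import re

# English-locale names of principals that include unprivileged users (assumption:
# localized Windows builds print translated names and need their own entries).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls right codes that allow changing or replacing content.
WRITE = {"F", "M", "W", "WD", "AD", "DC", "WDAC", "WO", "GA", "GW"}
INHERIT = {"OI", "CI", "IO", "NP", "I"}
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_aces(path, output):
    """Return (principal, flag list) for each ACE icacls printed for `path`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE.match(line)
        if m:  # prompts, blank lines and the summary line do not match
            groups = re.findall(r"\(([^)]*)\)", m["flags"])
            aces.append((m["who"], [f for g in groups for f in g.split(",")]))
    return aces

def risky_aces(path, output):
    """Return (principal, write rights, inherited?) for allow ACEs held by broad groups."""
    findings = []
    for who, flags in parse_aces(path, output):
        rights = set(flags) - INHERIT
        if "DENY" in rights or who.lower() not in BROAD:
            continue
        hit = rights & WRITE
        if hit:  # an inherited ACE has to be corrected on the parent folder
            findings.append((who, sorted(hit), "I" in flags))
    return findings

# Sample output copied from the advisory above (paths as icacls printed them).
FOLDER = r"C:\Program Files (x86)\INOSOFT GmbH"
FOLDER_OUT = FOLDER + r""" BUILTIN\Administrators:(OI)(CI)(F)
    Everyone:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)"""
EXE = r"C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe"
EXE_OUT = EXE + " BUILTIN\\Administrators:(I)(F)\n  Everyone:(I)(F)\n  NT AUTHORITY\\SYSTEM:(I)(F)"
# Constructed sample of a corrected ACL: unprivileged users get read/execute only.
FIXED_OUT = FOLDER + " BUILTIN\\Administrators:(OI)(CI)(F)\n  BUILTIN\\Users:(OI)(CI)(RX)"

if __name__ == "__main__":
    for p, out in ((FOLDER, FOLDER_OUT), (EXE, EXE_OUT), (FOLDER, FIXED_OUT)):
        print(p, risky_aces(p, out))
```

The path passed in must match the path icacls printed, otherwise the ACE on the first output line is not parsed.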