923f53211e
16 changes to exploits/shellcodes AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC) AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC) VIM 8.2 - Denial of Service (PoC) AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC) TapinRadio 2.12.3 - 'address' Denial of Service (PoC) TapinRadio 2.12.3 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'server' Denial of Service (PoC) ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Online Job Portal 1.0 - 'user_email' SQL Injection Online Job Portal 1.0 - Remote Code Execution Online Job Portal 1.0 - Cross Site Request Forgery (Add User) Ecommerce Systempay 1.0 - Production KEY Brute Force Cisco Data Center Network Manager 11.2 - Remote Code Execution Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
25 lines
No EOL
760 B
Text
25 lines
No EOL
760 B
Text
#Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
|
|
#Exploit Author : ZwX
|
|
#Exploit Date: 2020-02-05
|
|
#Vendor : ELAN Microelectronics
|
|
#Vendor Homepage : http://www.emc.com.tw/
|
|
#Tested on OS: Windows 10 v1803
|
|
|
|
|
|
#Analyze PoC :
|
|
==============
|
|
|
|
|
|
C:\Users\ZwX>sc qc ETDService
|
|
[SC] QueryServiceConfig réussite(s)
|
|
|
|
SERVICE_NAME: ETDService
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files\Elantech\ETDService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : Elan Service
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem |