Odoo 12.0.20190101 nssm.exe unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-05-11 | Type : local | Platform : windows
This exploit / vulnerability Odoo 12.0.20190101 nssm.exe unquoted service path is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
# Exploit Author: 1F98D
# Vendor Homepage: https://www.odoo.com/
# Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
# Tested Version: 12.0.20190101
# Tested on OS: Windows
# Step to discover Unquoted Service Path:

C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"

C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)

Odoo 12.0.20190101 nssm.exe unquoted service path


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Odoo 12.0.20190101 nssm.exe unquoted service path Vulnerability / Exploit