Windscribe 1.83 windscribeservice unquoted service path Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-04-10 |
Type : local |
Platform : windows
This exploit / vulnerability Windscribe 1.83 windscribeservice unquoted service path is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
# Date: 2020-04-10
# Exploit Author: MgThuraMoeMyint
# Vendor Homepage: https://windscribe.com
# Version: v1.83 Build 20
# Tested on: Windows 10, version 1909
In windscribe v1.83 , there is a service via windscribe that every
authenticated user can modify.
That shows that running as Local System this means that the
BINARY_PATH_NAME parameter can be modified to execute any command on
the system.
I'll change binary_path_name with a command that add a user to
administrators group , so it will be
C:\Users\mgthura>sc start WindscribeService
[SC] StartService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.
Restarting service will cause the service to fail as the binary path
would not point into the actual executable of the service.
However the command will be executed successfully and the user will be
added to the local administrators group.
Windscribe 1.83 windscribeservice unquoted service path