7 Sticky Notes v1.9 – OS Command Injection

Exploit Database
38 阅读

作者： Ahmet Ümit BAYRAM

日期： 2024-01-29
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/51748/

# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 12.09.2023
# Vendor Homepage: http://www.7stickynotes.com
# Software Link:
http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
# Tested Version: 1.9 (latest)
# Tested on: Windows 2019 Server 64bit

# # #Steps to Reproduce # # #

# Open the program.
# Click on "New Note".
# Navigate to the "Alarms" tab.
# Click on either of the two buttons.
# From the "For" field, select "1" and "seconds" (to obtain the shell
within 1 second).
# From the "Action" dropdown, select "command".
# In the activated box, enter the reverse shell command and click the "Set"
button to set the alarm.
# Finally, click on the checkmark to save the alarm.
# Reverse shell obtained!

last Exploits
7 Sticky Notes v1.9 – OS Command Injection的更多信息

Trend Micro IWSS 3.1 – Local Privilege Escalation：
MPlayer – ‘.SAMI’ Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)：
VCDGear 3.50 – ‘.cue’ Local Stack Buffer Overflow：
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) – MOTD File Tampering Privilege Escalation (1)：
Easy XML Editor 1.7.8 – XML External Entity Injection：
KiTTY 0.76.1.13 – Command Injection：
ASX to MP3 Converter 3.0.0.100 – Local Stack Overflow：
Microsoft Windows – UAC Protection Bypass via FodHelper Registry Key (Metasploit)：