"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"

Author

Exploit author

boku

Platform

Exploit platform

windows

Release date

Exploit published date

2020-02-17

                
                    
                         Download file
                    
                
            
# Exploit Title: BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
# Exploit Author: boku
# Date: 2020-02-10
# Vendor Homepage: https://www.weird-solutions.com
# Software Link: https://www.weird-solutions.com/download/products/bootpt_demo_IA32.exe
# Version: 2.0.1214
# Tested On: Windows 10 (32-bit)

C:\Users\user>wmic service get name, pathname, startmode | findstr "BOOTP" | findstr /i /v """
BOOTP Turbo                               C:\Program Files\BOOTP Turbo\bootpt.exe                                            Auto

C:\Users\user>sc qc "BOOTP Turbo"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BOOTP Turbo
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootpt.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : BOOTP Turbo
        DEPENDENCIES       : Nsi
                           : Afd
                           : NetBT
                           : Tcpip
        SERVICE_START_NAME : LocalSystem

Release Date	Title	Type	Platform	Author
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"

Release Date	Title	Type	Platform	Author
2020-12-02	"PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS"	webapps	windows	"Amin Rawah"
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-01	"Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path"	local	windows	"Metin Yunus Kandemir"
2020-12-01	"Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path"	local	windows	Jok3r
2020-12-01	"10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)"	local	windows	Sectechs
2020-12-01	"EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path"	local	windows	SamAlucard
2020-12-01	"Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path"	local	windows	"Emmanuel Lujan"
2020-11-30	"YATinyWinFTP - Denial of Service (PoC)"	remote	windows	strider

Release Date	Title	Type	Platform	Author
2020-11-27	"House Rental 1.0 - 'keywords' SQL Injection"	webapps	php	boku
2020-09-29	"CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)"	local	windows	boku
2020-09-15	"Tailor MS 1.0 - Reflected Cross-Site Scripting"	webapps	php	boku
2020-09-03	"BarracudaDrive v6.5 - Insecure Folder Permissions"	local	windows	boku
2020-09-02	"Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)"	webapps	php	boku
2020-08-13	"GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)"	webapps	php	boku
2020-08-10	"Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)"	webapps	php	boku
2020-07-26	"Online Course Registration 1.0 - Unauthenticated Remote Code Execution"	webapps	php	boku
2020-07-26	"LibreHealth 2.0.0 - Authenticated Remote Code Execution"	webapps	php	boku
2020-06-16	"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path"	local	windows	boku
2020-06-10	"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)"	local	windows	boku
2020-05-22	"Gym Management System 1.0 - Unauthenticated Remote Code Execution"	webapps	php	boku
2020-05-07	"Pisay Online E-Learning System 1.0 - Remote Code Execution"	webapps	php	boku
2020-05-01	"Online Scheduling System 1.0 - Persistent Cross-Site Scripting"	webapps	php	boku
2020-05-01	"Online Scheduling System 1.0 - Authentication Bypass"	webapps	php	boku
2020-05-01	"ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting"	webapps	php	boku
2020-04-20	"Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path"	local	windows	boku
2020-04-20	"Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)"	local	windows	boku
2020-04-13	"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)"	local	windows	boku
2020-02-17	"DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path"	local	windows	boku
2020-02-17	"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"	local	windows	boku
2020-02-17	"Cuckoo Clock v5.0 - Buffer Overflow"	local	windows	boku
2020-02-17	"TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path"	local	windows	boku
2020-02-14	"SprintWork 2.3.1 - Local Privilege Escalation"	local	windows	boku
2020-02-14	"HomeGuard Pro 9.3.1 - Insecure Folder Permissions"	local	windows	boku
2020-02-13	"OpenTFTP 1.66 - Local Privilege Escalation"	local	windows	boku
2020-02-11	"freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path"	local	windows	boku
2020-02-11	"Disk Savvy Enterprise 12.3.18 - Unquoted Service Path"	local	windows	boku
2020-02-11	"Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path"	local	windows	boku
2020-02-11	"Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path"	local	windows	boku

import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48078/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Search for hundreds of thousands of exploits

"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.