Exploit Sysax FTP Automation Server 5.33 - Local Privilege Escalation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22465
Проверка EDB
  1. Пройдено
Автор
CRAIG FREYMAN
Тип уязвимости
LOCAL
Платформа
WINDOWS
CVE
null
Дата публикации
2012-11-04
Код:
#Title: Sysax FTP Automation Server Local Privilege Escalation
#Author: Craig Freyman (@cd1zz)
#OS Tested: XP SP3 32bit
#Version Tested: 5.33
#Date Discovered: October 1, 2012
#Vendor Contacted: October 21, 2012
#Vendor Response: November 1, 2012
#Demo: http://www.pwnag3.com/2012/11/sysax-ftp-automation-server-privilege.html

Sysax FTP Automation <= 5.33 has a privilege escalation vulnerability. This can be exploited
by leveraging the Scheduled Script -> Scheduled Task functionality. The scheduled task 
function allows you to run any external program/execuable you want, without specifying 
credentials. By default, this product installs under the LOCALSYSTEM service so when the 
binary is executed, it runs under that context. 

Sysax fixed this problem in version 5.34.
 
Источник
www.exploit-db.com

Похожие темы