Exploit Ipswitch IMail 5.0 / Ipswitch WS_FTP Server 1.0.1/1.0.2 - Local Privilege Escalation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19167
Проверка EDB
  1. Пройдено
Автор
MARC
Тип уязвимости
LOCAL
Платформа
WINDOWS
CVE
cve-1999-1171 cve-1999-1170
Дата публикации
1999-02-04
Код:
source: https://www.securityfocus.com/bid/218/info

Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. 

Access the following registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\Machine_name\Users\Username"
Modify the Flag value to read "1920". 1920 gives the user account administrator permissions to IMail and WS_FTP Server.
 
Источник
www.exploit-db.com

Похожие темы