DB: 2021-05-12

1 changes to exploits/shellcodes Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
ddzzj · May 12, 2021 · c3ea8f9 · c3ea8f9
1 parent 599b380
commit c3ea8f9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/exploits/windows/local/49857.txt b/exploits/windows/local/49857.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
+# Exploit Author: 1F98D
+# Vendor Homepage: https://www.odoo.com/
+# Software Link:  https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
+# Tested Version: 12.0.20190101
+# Tested on OS: Windows 
+# Step to discover Unquoted Service Path:
+
+C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"
+
+C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
+                                      NT SERVICE\TrustedInstaller:(I)(F)
+                                      NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
+                                      NT AUTHORITY\SYSTEM:(I)(F)
+                                      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
+                                      BUILTIN\Administrators:(I)(F)
+                                      BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
+                                      BUILTIN\Users:(I)(RX)
+                                      BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
+                                      CREATOR OWNER:(I)(OI)(CI)(IO)(F)
+                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
+                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+                                      APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
+                                      APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -11323,6 +11323,7 @@ id,file,description,date,author,type,platform,port
 49850,exploits/windows/local/49850.txt,"DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
 49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
 49852,exploits/windows/local/49852.txt,"TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,
+49857,exploits/windows/local/49857.txt,"Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path",2021-05-11,1F98D,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139