NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path

🗓️ 05 Dec 2019 00:00:00Reported by ZwXType

exploitdb🔗 www.exploit-db.com👁 312 Views

NETGATE Data Backup 3.0.620 unquoted service path vulnerability on Windows

#Exploit Title: NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2019-12-04
#Vendor Homepage : http://www.netgate.sk/
#Link Software : http://www.netgate.sk/download/download.php?id=5
#Tested on OS: Windows 7


#Analyze PoC :
==============


C:\Users\ZwX>sc qc NGDatBckpSrv
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: NGDatBckpSrv
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\NETGATE\Data Backup\DataBackupSrv.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NETGATE Data Backup Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

05 Dec 2019 00:00Current

7.4High risk

Vulners AI Score7.4

NETGATE Data Backup 3.0.620 - &#039;NGDatBckpSrv&#039; Unquoted Service Path

NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path