Lucene search
K

Easy Chat Server 3.1 Unquoted Service Path

🗓️ 17 Feb 2020 00:00:00Reported by bokuType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 163 Views

Easy Chat Server 3.1 Unquoted Service Path vulnerability on Windows 1

Code
`Exploit Title: Easy Chat Server v3.1 - 'Easy Chat Service' Unquoted Service Path  
Exploit Author: boku  
Date: 02/10/2020  
Vendor Homepage: http://www.echatserver.com/  
Software Link: http://www.echatserver.com/ecssetup.exe  
Version: 3.1  
Tested On: Windows 10 (32-bit)  
# Recreate:  
# 1) Download & install Easy Chat Server 3.1  
# 2) Open Easy Chat Server and click the 'Service...' Button on the bottom right  
# 3) Click 'Install Service' Button  
  
C:\Users\elaglor>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """  
Easy Chat Service C:\EFS Software\Easy Chat Server\ecsService.exe Auto  
  
C:\Users\elaglor>sc qc "Easy Chat Service"  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: Easy Chat Service  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\EFS Software\Easy Chat Server\ecsService.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Easy Chat Service  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Feb 2020 00:00Current
0.2Low risk
Vulners AI Score0.2
163