Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtAhmet Ümit BAYRAM1337DAY-ID-39268
HistoryJan 29, 2024 - 12:00 a.m.

7 Sticky Notes v1.9 - OS Command Injection Vulnerability

2024-01-2900:00:00
Ahmet Ümit BAYRAM
0day.today
103
os command injection
7 sticky notes
windows 2019 server
alarms tab
reverse shell

7.4 High

AI Score

Confidence

Low

JSON
# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.7stickynotes.com
# Software Link:
http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
# Tested Version: 1.9 (latest)
# Tested on: Windows 2019 Server 64bit

# # #  Steps to Reproduce # # #

# Open the program.
# Click on "New Note".
# Navigate to the "Alarms" tab.
# Click on either of the two buttons.
# From the "For" field, select "1" and "seconds" (to obtain the shell
within 1 second).
# From the "Action" dropdown, select "command".
# In the activated box, enter the reverse shell command and click the "Set"
button to set the alarm.
# Finally, click on the checkmark to save the alarm.
# Reverse shell obtained!

7.4 High

AI Score

Confidence

Low

JSON