CVE-2019-15511 PoC — GOG Galaxy 安全漏洞

Source

https://github.com/adenkiewicz/CVE-2019-15511

Associated Vulnerability

Title:GOG Galaxy 安全漏洞 (CVE-2019-15511)
Description:GOG Galaxy是波兰GOG公司的一款游戏客户端程序。该程序用于安装、启动和更新游戏。 GOG Galaxy 1.2.60之前版本和2.0.0版本至2.0.8版本中所安装的GalaxyClientService存在提权漏洞，该漏洞源于不正确的访问控制。攻击者可通过发送未经身份验证的本地TCP数据包利用该漏洞在Windows系统中获取SYSTEM权限。

Description

GOG Galaxy Exploit for CVE-2019-15511

Readme

# GOG Galaxy Exploit for CVE-2019-15511
```
usage: exploit.py [-h]
                 [--action {LaunchElevatedRequest,FixDirectoryPrivilegesRequest,CreateDirectoryRequest,QueryProcessInfoRequest,InstallServiceRequest,DeleteServiceRequest,MoveAndVerifyGlobalDependencyRequest}]
                 target

positional arguments:
  target

optional arguments:
  -h, --help            show this help message and exit
  --action {LaunchElevatedRequest,FixDirectoryPrivilegesRequest,CreateDirectoryRequest,QueryProcessInfoRequest,InstallServiceRequest,DeleteServiceRequest,MoveAndVerifyGlobalDependencyRequest}
```

It exploits lack of auth when sensitive GalaxyClientService methods are called. Try `FixDirectoryPrivilegesRequest` (grants EVERYONE access to target
file) or `CreateDirectoryRequest` (creates directory in target location) to see it in action.

File Snapshot


 [4.0K]  /data/pocs/26cae096266d00d0f10d7a5335e3159c630a15c1
├── [2.7K]  exploit.py
└── [ 850]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!