CVE-2022-31262 PoC — GOG Galaxy Security Vulnerability

Source
Associated Vulnerability
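Title: GOG Galaxy Security Vulnerability (CVE-2022-31262)
Description: GOG Galaxy is a game client program from the Polish company GOG, used to install, launch, and update games. GOG Galaxy version 2.0.46 contains an exploitable local privilege escalation vulnerability. Because of insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, thereby executing code as SYSTEM.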
Description
GOG Galaxy LPE Exploit
Readme
# CVE-2022-31262
GOG Galaxy 2.X LPE Exploit [CVE-2022-31262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31262)

Tested versions: 2.0.46 - 2.0.51 (latest as of 11.08.2022); older versions may also be vulnerable.

Blog Post about the finding: https://secure77.de/gog-galaxy-cve-2022-31262/

LPE found via: https://github.com/secure-77/PSAccessFinder

## POC Demo

[![Demo POC](https://github.com/secure-77/CVE-2022-31262/blob/main/poc.gif)](https://www.youtube.com/watch?v=Bgdbx5TJShI)

Thanks to [Wh04m1001](https://github.com/Wh04m1001) for the cpp support







File Snapshot

[4.0K] /data/pocs/4e7145b6364758877b1a517798a60520c1dff34b
├── [5.1K] exploit.ps1
├── [1.6K] GalaxyCommunication.cpp
├── [1.1M] GalaxyCommunication.exe
├── [1.1M] poc.gif
└── [ 572] README.md

0 directories, 5 files