关联漏洞
标题:PuneethReddyHC Event Management SQL注入漏洞 (CVE-2024-3432)Description:PuneethReddyHC Event Management是Puneeth Reddy H C个人开发者的一个应用程序。用简单的逻辑和安全的方式帮助用户注册大学节日中举办的活动。 PuneethReddyHC Event Management 1.0版本存在SQL注入漏洞,该漏洞源于文件/backend/register.php的参数event_id/full_name/email/mobile/college/branch存在SQL注入漏洞。
介绍
# CVE-2024-3432
Tested Product: Datacard XPS Card Printer Driver Version: <= 8.4
Description: The application is prone to Local Privilege Escalation (LPE) vulnerability due to insecure file/folder permissions on its default installation, by which it grants the rights for everyone for full control over the path: C:\ProgramData\Datacard\XPS Card Printer\Service.
Files and folders in the path "C:\ProgramData\Datacard" can be modified by unprivileged users, malicious processes and/or threat actors. Once an admin installs XPS Card Printer, which runs under SYSTEM context, it will invoke the DEVOBJ.dll or CFGMGR32.dll in the directory "C:\ProgramData\Datacard\XPS Card Printer\Service", where a low privileged user can already place a malicious dll upfront and which will not be checked and deleted by the installation. These dlls do not exist and therefore will give NOT FOUND by the application installer. If a malicious user places a dll named DEVOBJ.dll or CFGMGR32.dll within this directory, the setup will inadvertently execute these malicious dll when the service is trying to connect to the card printer, running them with SYSTEM privileges.
Exploit POC:
1- With a low priv user, create the directory "C:\ProgramData\Datacard\XPS Card Printer\Service" and throw a desired DLL and rename it to DEVOBJ.dll or CFGMGR32.dll
2- With an Administrator, proceed to install the driver as normal.
3- The DLL payload will be executed as SYSTEM.
文件快照
[4.0K] /data/pocs/f58520ab2d6ff77f49ff8fc88c09c112f565e40f
└── [1.4K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。