7 Sticky Notes 1.9 Command Injection

2024.02.02
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78

# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 12.09.2023 # Vendor Homepage: http://www.7stickynotes.com # Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe # Tested Version: 1.9 (latest) # Tested on: Windows 2019 Server 64bit # # # Steps to Reproduce # # # # Open the program. # Click on "New Note". # Navigate to the "Alarms" tab. # Click on either of the two buttons. # From the "For" field, select "1" and "seconds" (to obtain the shell within 1 second). # From the "Action" dropdown, select "command". # In the activated box, enter the reverse shell command and click the "Set" button to set the alarm. # Finally, click on the checkmark to save the alarm. # Reverse shell obtained!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top