WebLog Expert Enterprise 9.4 权限提升漏洞

  • 2018-04-03
  • 2,586
  • 0

Software Link: https://www.weblogexpert.com/download.htm

Exploit:
1. Login as regular user where WebLog Expert and WebLog Expert Schedule Service are installed

2. Open WebLog Expert and then Schedule

3. Select Add, Next, choose ‘Sample – HTML’ under Profile, Next

4. Check ‘Run command…’ box, fill in ‘Command’ and ‘Run in’ as listed below
Command:

C:\Windows\System32\cmd.exe
Run in: C:\Windows\System32\

5. Select Next, Finish, Highlight New Task, select Run Now

6. Pop-up will appear in taskbar that reads ‘A program running on this computer is trying to display a message’

7. Select ‘View the message’

8. Command prompt is shown

C:\Windows\system32>whoami
nt authority\system
感谢打赏!
支付宝

评论

还没有任何评论,你来说两句吧

你必须 登录 才能发表评论.