WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path

EDB-ID:

50818

CVE:

N/A




Platform:

Windows

Date:

2022-03-10


# Exploit Title: WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : ilwebmaster21
# Version : WOW21_Service 5.0.1.9
# Vendor Homepage :  https://wow21.life/
# Tested on OS: Windows 10 Pro x64

#PoC :
==============

C:\>sc qc WOW21_Service
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: WOW21_Service
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\WOW21\WOW21_Service.exe
        GRUPPO_ORDINE_CARICAMENTO :
        TAG                       : 0
        NOME_VISUALIZZATO         : WOW21_Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem