Vendor: HTTPDebuggerPro
By: Aryan Chehreghani
CVSS: 7.5 (HIGH)
CWE: 428 (Unquoted Service Path)
Product Name: HTTPDebuggerPro
Affected Version From: 9.11
Affected Version To: 9.11
Patch Exists: NO
Related CWE:
CPE: a:httpdebugger:httpdebuggerpro:9.11
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 x64
2021

HTTPDebuggerPro 9.11 – Unquoted Service Path

HTTPDebuggerPro version 9.11 on Windows 10 x64 is vulnerable to an unquoted service path (CWE-428). When a service's binary path contains spaces and is not enclosed in double quotes, Windows can resolve it to a different executable located earlier along that path. An attacker who is able to place a malicious executable there can have the service load it instead of the intended binary and so execute arbitrary code with elevated privileges (the service runs as LocalSystem).

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. To mitigate the risk, users can manually modify the service path to include double quotes around the binary path name.
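
One way to check for this condition and produce the quoted value the mitigation calls for, as an added example that is not part of the advisory or the vendor's code. The function name Get-QuotedImagePath and the sample values are assumptions made for illustration; the first sample is the BINARY_PATH_NAME as the sc qc output on this page prints it.

```powershell
# Added example (not from the advisory): flag service binary paths that are
# unquoted and contain a space, and build the quoted form for remediation.
function Get-QuotedImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $null }        # already quoted
    # Assumption: the executable ends at the first ".exe" that is followed
    # by whitespace or end of string; anything after it is arguments.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return $null }           # not an .exe path; review by hand
    $exe = $m.Groups['exe'].Value
    if ($exe -notmatch '\s') { return $null }       # no space, nothing ambiguous
    return '"{0}"{1}' -f $exe, $m.Groups['args'].Value
}

# Constructed sample values. The first is BINARY_PATH_NAME exactly as printed
# in the sc qc output on this page; the second is the same path without quotes;
# the third is an unrelated path with arguments and no space in the executable.
$samples = @(
    '"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"',
    'C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    $fix = Get-QuotedImagePath $s
    [pscustomobject]@{
        ImagePath = $s
        Unquoted  = [bool]$fix
        Quoted    = $fix
    } | Format-List
}

# Live audit on a Windows host: list every service whose path needs quoting,
# together with the account it runs as.
if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
    Get-CimInstance Win32_Service | ForEach-Object {
        $fix = Get-QuotedImagePath $_.PathName
        if ($fix) {
            [pscustomobject]@{
                Name      = $_.Name
                StartName = $_.StartName
                PathName  = $_.PathName
                Quoted    = $fix
            } | Format-List
        }
    }
}
```

The Quoted value is the string to set as the service's binary path. In the sample run only the second, unquoted value is flagged.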

Exploit-DB raw data:

# Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path
# Exploit Author: Aryan Chehreghani
# Date: 23/11/2021
# Vendor Homepage: https://www.httpdebugger.com
# Software Link: https://www.httpdebugger.com/download.html
# Version: 9.11
# Tested on: Windows 10 x64

SERVICE_NAME: HTTPDebuggerPro
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HTTP Debugger Pro
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem