header-logo
Suggest Exploit
vendor:
Genexus Protection Server
by:
SamAlucard

Genexus Protection Server 9.7.2.10 – Unquoted Service Path Vulnerability

The Genexus Protection Server 9.7.2.10 is vulnerable to an unquoted service path issue, which could allow an attacker to escalate privileges on the system by placing a malicious executable in the path without quotes. This could lead to arbitrary code execution with elevated privileges.

Mitigation:

To mitigate this vulnerability, ensure that all Windows services have their paths quoted properly to prevent unauthorized users from manipulating the path and executing arbitrary code.
Source

Exploit-DB raw data:

#Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2024-07-31
#Vendor : Genexus
#Version : Genexus Protection Server 9.7.2.10
#Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;
#Vendor Homepage :  https://www.genexus.com/es/
#Tested on OS: Windows 10 Pro

#Analyze PoC :
==============

C:\>sc qc protsrvservice
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: protsrvservice
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files
(x86)\CommonFiles\Artech\GXProt1\ProtSrv.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : ProtSrvService
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem