Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path - exploit.company
header-logo
Suggest Exploit
vendor:
BartVPN
by:
ZwX
7.8
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: BartVPN
Affected Version From: 1.2.2002
Affected Version To: 1.2.2002
Patch Exists: NO
Related CWE:
CPE: a:bartvpn:bartvpn:1.2.2
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2019

BartVPN 1.2.2 – ‘BartVPNService’ Unquoted Service Path

The BartVPNService in BartVPN 1.2.2 has an unquoted service path vulnerability. This allows an attacker with local system privileges to potentially execute arbitrary code with elevated privileges by placing a malicious executable file in the root of the system drive.

Mitigation:

To mitigate this vulnerability, the vendor should update the service path to include quotes around the executable file path.
Source

Exploit-DB raw data:

#Exploit Title: BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2019-11-18
#Vendor Homepage : https://www.filehorse.com/
#Link Software : https://www.filehorse.com/download-bartvpn/
#Tested on OS: Windows 7


#Analyze PoC :
==============


C:\Users\ZwX>sc qc BartVPNService
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: BartVPNService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Users\ZwX\AppData\Local\BartVPN\BartVPNService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : BartVPNService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR

cqrsecured