MiniTool ShadowMaker 3.2 Unquoted Service Path

MiniTool ShadowMaker version 3.2 suffers from an unquoted service path vulnerability.

MD5 | 63df62c62699528cacbf92779536339a

# Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
# Discovery by: Thalia Nieto
# Discovery Date: 02/01/21
# Vendor Homepage: https://www.minitool.com
# Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/
# Tested Version: 3.2
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10

# Step to discover Unquoted Service Path: 

C:\>wmic service get name, pathname, displayname, name | findstr /i "MTAgentService"

MTAgentService  MTAgentService  C:\Program Files\MiniTool ShadowMaker\AgentService.exe

# Service info:

C:\>sc qc "MTAgentService"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: MTAgentService
        TIPO               : 110  WIN32_OWN_PROCESS (interactive)
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\MiniTool ShadowMaker\AgentService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : MTAgentService
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

Source: packetstormsecurity.com

Exploit Collector

Search Exploit

MiniTool ShadowMaker 3.2 Unquoted Service Path