Title: EasyPHP Devserver Insecure File Permissions Privilege Escalation Application: EasyPHP Devserver Versions Affected: 16.1 Vendor URL: http://www.easyphp.org/ Discovered by: Ashiyane Digital Security Team ~ Micle Tested on: Windows 10 Professional x86 Bugs: Insecure File Permissions Privilege Escalation Source: http://www.micle.ir/exploits/1003 Date: 10-Dec-2016 Description: EasyPHP installs by default to "C:\Program Files\EasyPHP-Devserver-16.1" with very weak file permissions granting any user full permission to the exe. This allows opportunity for code execution against any other user running the application. Proof: C:\Program Files\EasyPHP-Devserver-16.1>cacls run-easyphp-devserver.exe C:\Program Files\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe BUILTIN\Users:(ID)C NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R Exploit: Simply replace run-easyphp-devserver.exe and wait for execution.
Related ExploitsTrying to match setup file: 64184d330a34be9e6c029ffa63c903de
Other Possible E-DB Search Terms: EasyPHP Devserver 16.1.1, EasyPHP Devserver
|2016-11-22||EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution||hyp3rlinx|