7 Sticky Notes 1.9 Command Injection
2024-2-3 06:51:45 Author: cxsecurity.com(查看原文) 阅读量:7 收藏

# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 12.09.2023 # Vendor Homepage: http://www.7stickynotes.com # Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe # Tested Version: 1.9 (latest) # Tested on: Windows 2019 Server 64bit # # # Steps to Reproduce # # # # Open the program. # Click on "New Note". # Navigate to the "Alarms" tab. # Click on either of the two buttons. # From the "For" field, select "1" and "seconds" (to obtain the shell within 1 second). # From the "Action" dropdown, select "command". # In the activated box, enter the reverse shell command and click the "Set" button to set the alarm. # Finally, click on the checkmark to save the alarm. # Reverse shell obtained!



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2024020013
如有侵权请联系:admin#unsafe.sh