TRIGONE 远程系统监视器 3.61 未加引号的服务路径

2022-01-05 10:11:48 浏览数 (1)

供应商主页：https://www.trigonesoft.com/

软件链接：https://www.trigonesoft.com/download/Remote_System_monitor_Server_3.61_x86_Setup.exe

测试版本：3.61

漏洞类型：未加引号的服务路径 #

测试：Windows 7 x86 - Windows Server 2016 x64

发现未引用服务路径的步骤：

代码语言：javascript复制

C:>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:windows\" |findstr /i /v """

TRIGONE Remote System Monitor Server RemoteSystemMonitorService          
C:Program FilesTRIGONERemote System Monitor ServerRemoteSystemMonitorService.exe    
Auto

C:>sc qc srvInventoryWebServer
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RemoteSystemMonitorService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:Program FilesTRIGONERemote System Monitor Serv
erRemoteSystemMonitorService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : TRIGONE Remote System Monitor Server
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

安全漏洞

0 人点赞