what you don't know can hurt you

HomeGuard Pro 9.3.1 Insecure Folder Permissions

HomeGuard Pro 9.3.1 Insecure Folder Permissions
Posted Feb 14, 2020
Authored by boku

HomeGuard Pro version 9.3.1 suffers from an insecure folder permission vulnerability.

tags | exploit
MD5 | a0e51a7e93f68de15cbd46648a358704

HomeGuard Pro 9.3.1 Insecure Folder Permissions

Change Mirror Download
# Exploit Title: HomeGuard Pro 9.3.1 - Insecure Folder Permissions
# Exploit Author: boku
# Date: 2020-02-13
# Vendor Homepage: https://veridium.net
# Software Link: https://veridium.net/files_u/hg-pro/exe/HomeGuardPro-Setup.exe
# Version 9.3.1
# Tested On: Windows 10 (32-bit)

# HomeGuard Pro v9.3.1 - Unquoted Service Path + Insecure Folder/File/Service Permissions

## Service Information (Unquoted Service Path)
C:\>wmic service get Name,PathName,StartMode,StartName | findstr /v "C:\Windows" | findstr /i /v """
Name PathName StartMode StartName
HG52 AM VI C:\Program Files\HomeGuard Pro\vglset.exe Auto LocalSystem
HG52 AMC C:\Program Files\HomeGuard Pro\vglsetw.exe Auto LocalSystem
HG52 AM REM C:\Program Files\HomeGuard Pro\vglrem.exe Auto LocalSystem
HG52 AM SRV C:\Program Files\HomeGuard Pro\vglserv.exe Auto LocalSystem

## Insecure Folder Permission
C:\>icacls "C:\Program Files\HomeGuard Pro" | findstr /i "Users"
C:\Program Files\HomeGuard Pro BUILTIN\Users:(F)

## Insecure File/Service Permission
C:\>icacls "C:\Program Files\HomeGuard Pro\VGL*" | findstr /i "Users"
C:\Program Files\HomeGuard Pro\vglrem.exe BUILTIN\Users:(I)(F)
C:\Program Files\HomeGuard Pro\VGLSERV.EXE BUILTIN\Users:(I)(F)
C:\Program Files\HomeGuard Pro\vglset.exe BUILTIN\Users:(I)(F)
C:\Program Files\HomeGuard Pro\vglsetw.exe BUILTIN\Users:(I)(F)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close