A remote control and remote scripting solution, built with .NET 8, Blazor, and SignalR.
GNU General Public License v3.0
4.47k
stars
1.61k
forks
source link
Unquoted/Trusted Service Paths Privilege Escalation Security Issue #848
Closed
Daniel-Hillenbrand closed 6 months ago
The new powershell installer is causing an unquoted/trusted service paths privilege escalation security issue when creating the Remotely service.
Details about the issue: https://juggernaut-sec.com/unquoted-service-paths/
The binary path should be escaped.
Current: New-Service -Name "Remotely_Service" -BinaryPathName "$InstallPath\Remotely_Agent.exe" Proposal: New-Service -Name "Remotely_Service" -BinaryPathName "
"$InstallPath\Remotely_Agent.exe
""