Posts

Showing posts from July, 2020

Turbo VPN: Unquoted Search Path Vulnerability

Image
Vulnerable Software:  Turbo VPN Affected Version:  1.1.0.0 Vendor Homepage:   https://www.turbovpn.co/#/views/index CVE:  – CVE Author:  Tejas Nitin Pingulkar Exploit Available:   POC Available About Affected Software: Turbo VPN For PC is a free VPN client which offers free VPN proxy giving you the chance to unblock sites and applications and gain access to restricted resources. Exploit: Turbo VPN 1.1.0.0 installers and applications are vulnerable to unquoted search path vulnerability as application search path are not quoted that is when application search for binaries TurboVPN folder stored in “C:\Program files(x86)\TurboVPN” it uses below search order as path is not quoted C:\Program.exe C:\Program (x86)\TurboVPN As on drive C:\ all users have full access, an attacker can place malicious exe with name “Program.exe” in C:\ path and wait for application to call Program.exe and escalate his/her privileges Affecte...