IBackup v10.0.0.45 suffers from a local Privilege Escalation Vulnerability
The indepndent vulnerability laboratory researcher `Hadji Samir ` discovered a local privilege escalation web vulnerability in the official Pro Softnet Corporation iBackup v10.x software. The issue exploits a local server vulnerability in the root path of the software to compromise the system by gaining higher system access privileges.
The `ibservice` service for windows could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user`s code would execute with the elevated privileges of the application.
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability