Eclipse Mosquitto MQTT broker 2.0.9 Exploit, 'mosquitto' Unquoted Service Path

# Exploit Title: Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
# Discovery by: Riadh Bouchahoua 
# Discovery Date: 19-03-2021
# Vendor Homepage: https://mosquitto.org/
# Software Links : https://mosquitto.org/download/
# Tested Version: 2.0.9
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 64 bits

# Step to discover Unquoted Service Path:



====

C:\Users\Admin>wmic service get name,pathname,startmode |findstr /i /v "C:\Windows\\" |findstr  "mosquitto"
mosquitto                                               C:\Program Files\mosquitto\mosquitto.exe run                      

====

C:\Users\Admin>sc qc mosquitto
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: mosquitto
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\mosquitto\mosquitto.exe run
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Mosquitto Broker
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

All rights reserved nPulse.net 2009 - 2021
Powered by: MVCP 2.0-RC / ASPF / PHP 7.4 / NGINX / FreeBSD