what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Vincent Yiu

League Of Legends Screensaver Unquoted Service Path Privilege Escalation

Posted Jun 7, 2016

Authored by Vincent Yiu

The League of Legends installer would install the League of Legends screensaver along with a service. The service would be called 'lolscreensaver'. This particular service was misconfigured such that the service binary path was unquoted. When the screensaver is installed to 'C:\Riot Games', the issue is not exploitable. However, during the installation process, users are able to specify a directory to install to. When a user chooses to install this to say an external drive, this becomes exploitable.

tags | exploit

SHA-256 | 1c3a2785a3461ccc741c244d0eb3a6544f42521626f9be71e8b639b2934e73f1

Download | Favorite | View

League Of Legends Screensaver File Permission Privilege Escalation

Posted Jun 7, 2016

Authored by Vincent Yiu

The League of Legends screensaver was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary.

tags | exploit

SHA-256 | 23513002a36231e12b2425e27ca297ffc2ec5ef5d2b1992de4beb86e92bf5771

Download | Favorite | View

AirOS 6.x Arbitrary File Upload

Posted Apr 15, 2016

Authored by Vincent Yiu

AirOS version 6.x suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload

SHA-256 | a2045ad92aa7807fb104f6e5684803d581ae09e9d5bbb906da255625550214c5

Download | Favorite | View