7 Sticky Notes 1.9 Command Injection

# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection# Discovered by: Ahmet Ümit BAYRAM# Discovered Date: 12.09.2023# Vendor Homepage: http://www.7stickynotes.com# Software Link:http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe# Tested Version: 1.9 (latest)# Tested on: Windows 2019 Server 64bit# # #  Steps to Reproduce # # ## Open the program.# Click on "New Note".# Navigate to the "Alarms" tab.# Click on either of the two buttons.# From the "For" field, select "1" and "seconds" (to obtain the shellwithin 1 second).# From the "Action" dropdown, select "command".# In the activated box, enter the reverse shell command and click the "Set"button to set the alarm.# Finally, click on the checkmark to save the alarm.# Reverse shell obtained!