Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31262 PoC — GOG Galaxy 安全漏洞

Source
https://github.com/secure-77/CVE-2022-31262
Associated Vulnerability
Title:GOG Galaxy 安全漏洞 (CVE-2022-31262)
Description:An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
Description
GOG Galaxy LPE Exploit
Readme
# CVE-2022-31262
GOG Galaxy 2.X LPE Exploit [CVE-2022-31262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31262)

Tested Versions 2.0.46 - 2.0.51 (latest at 11.08.2022), older versions may also be vulnerable

Blog Post about the finding: https://secure77.de/gog-galaxy-cve-2022-31262/

LPE found via: https://github.com/secure-77/PSAccessFinder

## POC Demo

[![Demo POC](https://github.com/secure-77/CVE-2022-31262/blob/main/poc.gif)](https://www.youtube.com/watch?v=Bgdbx5TJShI)

Thanks to [Wh04m1001](https://github.com/Wh04m1001) for the cpp support
File Snapshot

 [4.0K]  /data/pocs/4e7145b6364758877b1a517798a60520c1dff34b
├── [5.1K]  exploit.ps1
├── [1.6K]  GalaxyCommunication.cpp
├── [1.1M]  GalaxyCommunication.exe
├── [1.1M]  poc.gif
└── [ 572]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →