Title: Acunetix 10 Multi DLL Hajacking
Versions Affected: 10.0
Vendor URL: http://www.acunetix.com
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: DLL Hajacking
A local dll injection vulnerability has been discovered in the official
Acunetix software.The issue allows local attackers to inject code to
vulnerable libraries to compromise the process or to gain higher access
Proof of Concept:
For security demonstration or to reproduce the vulnerability follow the
provided information and steps below to continue.
Manual steps to reproduce the local vulnerability ...
1. Compile dll and rename to 'libeay32.dll' or other effected areas
2. Copy libeay32.dll[or other effected areas] to C:\Program Files
(x86)\Acunetix\Web Vulnerability Scanner 10
3. Launch wvs.exe
4. MessageBox Executed..!