VegaBird Vooki 5.2.9 DLL Hijacking

VegaBird Vooki 5.2.9 DLL Hijacking
2024-10-1 05:46:28 Author: cxsecurity.com(查看原文) 阅读量:6 收藏

==================================== CVE ID: CVE-2024-45874 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner (DAST Tool) Vulnerability Type: DLL Hijacking ==================================== ==================================== Summary ==================================== A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. ==================================== Exploitation ==================================== By placing an arbitrary DLL (Example: dcomp.dll) within the application folder (C:\Program Files\Vooki) and opening the application (Vooki.exe) it can be noted that the DLL is being loaded. This can lead to persistence or in some cases to privilege escalation.

文章来源: https://cxsecurity.com/issue/WLB-2024090051
如有侵权请联系:admin#unsafe.sh