LFI to RCE via access_log injection

Kineti Count DLL Hijacking Vulnerability

[o] Kineti Count DLL Hijacking Vulnerability

Software : Kineti Count version 1.0 Beta (KinetiCount.exe)
Vendor : http://www.kineticstorm.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/


[o] Vulnerable DLL

dwmapi.dll


[o] Extension

.kcp


[o] PoC

http://antisecurity.org/sploit/kineticount_dll.zip
http://www.packetstormsecurity.org/1009-exploits/kineticount-dllhijack.tgz


[o] Usage

+ Unzip kineticount_dll.zip
+ Double click exploit.kcp or open with KinetiCount.exe
+ You will see calc pop up


[o] Tested On

Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600


Comments

labatterie said…
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke?
evilc0de said…
wow you know the details.. :))
Thank you for sharing with us. The content is very good and helpful for me, I learn and know more about it.