Friday, August 9, 2019

Telerik Fiddler Application Privilege Escalation via DLL Hijacking


The Fiddler application's default installation path is writable by the user.


The EnableLoopback feature tries to load DLL files that do not exist in that directory. If a malicious DLL with one of those names is placed in that folder, its payload executes when the WinConfig feature in Fiddler is launched.


Affected executable files:
fiddler.exe
EnableLoopback.exe (privilege escalation)

Affected DLLs:
imageres.dll
bcp47mm.dll
shlwapi.dll
fwbase.dll
DNSAPI.dll
FirewallAPI.dll
WindowsCodecs.dll
CRYPTBASE.dll
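An added audit check, written for this post rather than taken from it or from Telerik: given the Fiddler install directory (the post does not name the path, so it is a required parameter), it reports low-privilege identities holding write rights on that directory and any of the DLL names listed above that are present there, since those are OS DLLs that should resolve from System32 rather than the application folder.

```powershell
# Added audit script, not part of the original post. The install directory
# is an assumption supplied by the caller; the post does not state the path.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

# DLL names the post lists as requested by EnableLoopback.exe but absent
# from the install directory.
$watchedDlls = @(
    'imageres.dll', 'bcp47mm.dll', 'shlwapi.dll', 'fwbase.dll',
    'DNSAPI.dll', 'FirewallAPI.dll', 'WindowsCodecs.dll', 'CRYPTBASE.dll'
)

# Identities that should not be able to write into a directory from which
# a privileged process loads DLLs.
$lowPrivIdentities = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

# Write bits: FileSystemRights.Write (WriteData|AppendData|WriteEA|WriteAttributes)
# plus GENERIC_WRITE, which some ACEs carry as an undecoded generic right.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor 0x40000000

$acl = Get-Acl -Path $InstallDir
foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $id = $ace.IdentityReference.Value
    $rights = [int]$ace.FileSystemRights
    if (($lowPrivIdentities -contains $id) -and (($rights -band $writeMask) -ne 0)) {
        Write-Warning "$id has write access ($($ace.FileSystemRights)) on $InstallDir"
    }
}

# Any watched DLL sitting in the install directory is an indicator worth
# triaging: record its hash and compare it with the System32 copy.
foreach ($name in $watchedDlls) {
    $candidate = Join-Path $InstallDir $name
    if (Test-Path -LiteralPath $candidate) {
        $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        Write-Warning "Unexpected $name in install dir (SHA256 $hash)"
    }
}
```

Run it as the standard user who uses Fiddler so the ACL view matches what that account can actually write; a warning from the first loop is the misconfiguration the post describes, a warning from the second is something to investigate.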



PoC video:






More detail about DLL hijacking:
https://attack.mitre.org/techniques/T1038/
https://resources.infosecinstitute.com/mitre-attck-vulnerability-dll-search-order-hijacking/
https://cwe.mitre.org/data/definitions/427.html


