Christian Sciberras wrote: > I wrote my own example POC.
and failed to use it right! [...] > DHPOC\example\the-install-folder\ > DHPOC\example\the-install-folder\dhpocApp.exe > DHPOC\example\the-install-folder\dhpocDll.dll > DHPOC\example\the-remote-folder > DHPOC\example\the-remote-folder\example.dhpoc > DHPOC\example\the-remote-folder\dhpocDll.dll > > While testing this, I noticed that the dll hijack exploit completely > failed my tests (on Windows 7 64bit). No, you failed the test! The "application directory" is ALWAYS the first one where both implicit (referenced in the binary) as well as explicit (via LoadLibrary()) loading will search. Next time, do your homework first! Stefan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/