dll hijacking, so 2010. wtf is this shit, it's been a year since this class of vulns became "mainstream" infosuck.

On 09/02/2011 05:59 PM, Mario Vilas wrote:
> If it's a trusted .vbs then how would you drop a .dll in the same directory?
> If you have write permissions it's easier to just modify the .vbs.
>
> You might as well claim the added value is to backdoor a .vbs file
> surreptitiously so it doesn't show when inspecting the source code. But it
> doesn't add that much, really, since a new and mysterious .dll file would
> also draw the attention, so it's probably easier to hide malicious intent
> into the source code by obfuscating it.
>
> On Fri, Sep 2, 2011 at 11:53 PM, Nahuel Grisolia <nah...@bonsai-sec.com> wrote:
>
>> List,
>>
>> On 09/02/2011 06:45 PM, root wrote:
>>> You don't get the worst part: unsuccessful exploitation also leads to
>>> code execution.
>>> Scary stuff.
>>>
>>> On 09/02/2011 05:05 PM, Mario Vilas wrote:
>>>> Are you guys seriously reporting that double clicking on a malicious .vbs
>>>> file could lead to remote code execution? :P
>>>>
>>>> Either I'm missing something (and I'd welcome a rebuttal here!) or you might
>>>> as well add .exe to that list. All those extensions are already executable.
>>
>> I think that they're talking about that executing a trusted vbs could
>> lead to the execution of malicious code.
>>
>> :S
>>
>> regards,
>> --
>> Nahuel Grisolia - C|EH
>> Information Security Consultant
>> Bonsai Information Security Project Leader
>> http://www.bonsai-sec.com/
>> (+54-11) 4777-3107
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/