DLL Search Order Hijacking Vulnerability in Hubstaff

Vulnerability

A DLL search order hijacking vulnerability has been identified in Hubstaff versions 1.6.13 and 1.6.14. On launch, the application attempts to load wow64log.dll from the system32 directory, a file that is not normally present there, so an attacker who can write to that directory can plant a malicious library under that name and have it loaded in its place. By generating a custom DLL using Metasploit and placing it in the system32 directory, an attacker obtains a reverse shell when the application is launched.
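Because Windows does not ship wow64log.dll, any load of that name, and especially a copy appearing under System32, is a usable detection signal for this hijack. The Python below is an added detection example, not Hubstaff's or the advisory author's code; it assumes Sysmon Event ID 7 (image load) records exported as key=value lines, and the sample records are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Windows does not ship wow64log.dll, so a copy under System32 is a hijack
# candidate regardless of which process loaded it.
PHANTOM_DLL = "wow64log.dll"
SYSTEM32 = r"c:\windows\system32"
# Matches Key=Value and Key="value with spaces" pairs on one exported line.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

@dataclass
class Finding:
    process: str  # loading executable (Sysmon Image field)
    image: str    # DLL path that was loaded (ImageLoaded field)
    signed: bool  # Sysmon Signed field for that DLL
    reason: str

def parse_record(line: str) -> dict:
    """Parse one exported record into a {key: value} dict, dropping quotes."""
    return {k: v.strip('"') for k, v in _FIELD.findall(line)}

def check_image_load(rec: dict) -> Optional[Finding]:
    """Return a Finding if the record is an image load of wow64log.dll."""
    if rec.get("EventID") != "7":
        return None
    image = rec.get("ImageLoaded", "")
    if not image.lower().endswith("\\" + PHANTOM_DLL):
        return None
    signed = rec.get("Signed", "false").lower() == "true"
    if image.lower().startswith(SYSTEM32 + "\\"):
        reason = "phantom wow64log.dll present in System32 (search-order hijack)"
    else:
        reason = "wow64log.dll loaded from outside System32"
    return Finding(rec.get("Image", "?"), image, signed, reason)

def scan(lines: Iterable[str]) -> List[Finding]:
    """Run the check over every record and keep the hits."""
    hits = (check_image_load(parse_record(line)) for line in lines)
    return [f for f in hits if f is not None]

# Constructed sample records (not real telemetry); paths are illustrative.
SAMPLE_LOG = [
    r'EventID=7 Image="C:\Program Files (x86)\Hubstaff\Hubstaff.exe" '
    r'ImageLoaded="C:\Windows\System32\wow64log.dll" Signed=false',
    r'EventID=7 Image="C:\Program Files (x86)\Hubstaff\Hubstaff.exe" '
    r'ImageLoaded="C:\Windows\System32\kernel32.dll" Signed=true',
    r'EventID=7 Image="C:\Program Files (x86)\Hubstaff\Hubstaff.exe" '
    r'ImageLoaded="C:\Users\alice\AppData\Local\Temp\wow64log.dll" Signed=false',
]
```

Calling scan(SAMPLE_LOG) returns the two wow64log.dll loads and skips the legitimate kernel32.dll load; in production, feed it the exported Sysmon lines instead of the constructed list.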

Impact

Exploitation of this vulnerability allows for unauthorized DLL injection, leading to arbitrary code execution with the privileges of the user running the Hubstaff application.

Reproduction

To reproduce this vulnerability, first generate a malicious DLL named wow64log.dll using Metasploit's msfvenom tool, targeting a reverse shell payload. Place the crafted DLL into the system32 directory. After setting up a listener on the specified port, launch the Hubstaff application. The reverse shell connection will be received on the attacker's console.

Added: Dec 18, 2025, 8:29 PM
Updated: Dec 18, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.