Headline
VegaBird Vooki 5.2.9 DLL Hijacking
VegaBird Vooki version 5.2.9 suffers from a dll hijacking vulnerability.
====================================CVE ID: CVE-2024-45874Author: Iulian FloreaVendor: VegaBirdProduct: Vooki - Dynamic Web Application & REST API Vulnerability Scanner (DAST Tool)Vulnerability Type: DLL Hijacking========================================================================Summary==================================== A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.====================================Exploitation====================================By placing an arbitrary DLL (Example: dcomp.dll) within the application folder (C:\Program Files\Vooki) and opening the application (Vooki.exe) it can be noted that the DLL is being loaded. This can lead to persistence or in some cases to privilege escalation.