DLL Hijacking "jansi.dll" #286
Comments
Is this another jython thing? I see jansi.dll is bundled in the jython jar. Does it only load the dll when our python interpreter is initialized? Thanks!
As shown in the screenshot, "jansi.dll" is loaded when Ghidra is started. It is not necessary to access the Python interpreter.
It looks like log4j might be the culprit here. Could you try adding
I went ahead and added
Describe the bug
Ghidra 9.0.1 is vulnerable to DLL hijacking because it loads, at least, "jansi.dll" from the working directory instead of loading it from the right directory where it is expected to be.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Load "jansi.dll" from the right directory where it is expected to be.
Screenshots
Environment (please complete the following information):
Additional context
In practice, the vulnerability can be exploited, for instance, if the user launches Ghidra Projects from the contextual menu and it comes with a malicious "jansi.dll" file.
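A way to check for the behavior reported above from the defender's side, as an added example that is not part of the issue or of Ghidra's code: it flags DLLs that a process loaded from its own working directory when that directory is outside the trusted install locations. The record format (`cwd`, `module`), the function names and every path below are constructed assumptions for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def _norm(path):
    # Case-insensitive, separator-normalised form for comparing Windows paths.
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, root):
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("\\") + "\\")


def find_cwd_dll_loads(events, trusted_roots):
    """Return module-load records where a DLL came from the process's
    working directory and that directory is not under a trusted root."""
    findings = []
    for ev in events:
        module = ev["module"]
        if not module.lower().endswith(".dll"):
            continue
        # Only loads resolved from the working directory are of interest.
        if _norm(ntpath.dirname(module)) != _norm(ev["cwd"]):
            continue
        # A working directory inside the install tree is expected.
        if any(_is_under(module, root) for root in trusted_roots):
            continue
        findings.append(ev)
    return findings


# Constructed sample records (hypothetical paths, not taken from the issue).
PROJECT = r"C:\Users\analyst\Downloads\shared_project"
SAMPLE_EVENTS = [
    {"cwd": PROJECT, "module": PROJECT + r"\jansi.dll"},
    {"cwd": PROJECT, "module": r"C:\Windows\System32\kernel32.dll"},
    {"cwd": r"C:\Tools\ghidra", "module": "c:/tools/ghidra/example.dll"},
    {"cwd": PROJECT + "\\", "module": PROJECT.lower() + r"\JANSI.DLL"},
]
TRUSTED_ROOTS = [r"C:\Tools\ghidra", r"C:\Windows"]

if __name__ == "__main__":
    for hit in find_cwd_dll_loads(SAMPLE_EVENTS, TRUSTED_ROOTS):
        print("DLL loaded from working directory:", hit["module"])
```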