Possible Custom Exporter DLL exploit vulnerability #232
Comments
|
vanilla famitracker has a plugin feature intended for custom format exports, but unfortunately this was not documented much nor was it expanded upon. i'm not sure if i should remove it entirely, but i will be disabling it for security reasons. |
Gumball2415
changed the title
Gumball2415
added a commit
that referenced
this issue
Nov 29, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This line of code will execute any dll file placed in the /Plugins folder.
This could be considered a vulnerability or a feature, but I was not able to find any documentation about this feature.
Here is POC exploit to illustrate the code execution. https://github.com/eatscrayon/Dn-FamiTracker-dll-hijack
The text was updated successfully, but these errors were encountered: