Closed eatscrayon closed 8 months ago
vanilla famitracker has a plugin feature intended for custom format exports, but unfortunately this was not documented much nor was it expanded upon. i'm not sure if i should remove it entirely, but i will be disabling it for security reasons.
This line of code will execute any dll file placed in the /Plugins folder. This could be considered a vulnerability or a feature, but I was not able to find any documentation about this feature. Here is a POC exploit to illustrate the code execution. https://github.com/eatscrayon/Dn-FamiTracker-dll-hijack
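For anyone running a build that still loads plugins, one way to audit an install for DLLs sitting in the Plugins folder. This is an added example, not code from this issue or from the project. It assumes `Plugins` sits directly under the install directory; the function names and the allowlist of approved SHA-256 hashes are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def audit_plugins(install_dir, approved_sha256=frozenset()):
    """Return a finding for every DLL under <install_dir>/Plugins that is not approved."""
    findings = []
    root = Path(install_dir)
    # Windows paths are case-insensitive, so match "plugins" in any casing.
    plugin_dirs = [p for p in root.iterdir()
                   if p.is_dir() and p.name.lower() == "plugins"]
    for plugin_dir in plugin_dirs:
        # A folder the current (unprivileged) user can write to is the risky case.
        writable = os.access(plugin_dir, os.W_OK)
        for entry in sorted(plugin_dir.iterdir()):
            if not entry.is_file() or entry.suffix.lower() != ".dll":
                continue
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            if digest not in approved_sha256:
                findings.append({"path": str(entry),
                                 "sha256": digest,
                                 "dir_writable": writable})
    return findings


def demo():
    """Constructed sample: a throwaway install tree with one approved and one unknown DLL."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "Plugins"
        plugins.mkdir()
        (plugins / "export.dll").write_bytes(b"constructed approved plugin")
        (plugins / "dropped.DLL").write_bytes(b"constructed unknown file")
        (plugins / "readme.txt").write_text("not a DLL")
        approved = {hashlib.sha256(b"constructed approved plugin").hexdigest()}
        return [Path(f["path"]).name for f in audit_plugins(tmp, approved)]


if __name__ == "__main__":
    print(demo())
```

With an empty allowlist, every DLL in the folder is reported, which matches a setup where no plugins are expected at all.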