Installing the Loki application in a directory writable by all authenticated users can lead to persistence via DLL sideloading. If Loki is installed in such a directory, for example 'C:\loki', an attacker could replace a legitimate DLL with a malicious one, giving the attacker persistent access to the affected system.
Windows
- An authenticated threat actor can exploit improper write permissions on the 'django.wsgi' file in ZKTeco WDMS. This misconfiguration allows the attacker to modify the file and execute arbitrary code with elevated privileges on the server, resulting in persistent access to the affected system.
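
Both entries above come down to a file or directory that broad user groups can write to. The following PowerShell audit is an added example, not code from Loki, ZKTeco, or the original page; it lists Allow entries that grant write-type rights to Everyone, Authenticated Users, or BUILTIN\Users. `C:\loki` is the path named above, the function name `Get-BroadWriteAce` is hypothetical, and the location of 'django.wsgi' is not given on the page, so supply it yourself when checking that file.

```powershell
# Added example: find ACL entries that let broad groups write to an install path.
$Path = 'C:\loki'   # directory named on the page; change to the path you audit

# Well-known SIDs, used instead of names so the check works on any OS language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow planting or replacing a file, or rewriting the ACL itself.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped
# in inherit-only entries, so they are tested as raw bits.
$GenericMask = 0x50000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    # Ask for SIDs rather than translated account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        # Deny entries are not evaluated here, so a hit still needs a manual look.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band $WriteMask) -or ($raw -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Target
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the directory itself, then every DLL beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$targets | ForEach-Object { Get-BroadWriteAce -Target $_ } | Format-Table -AutoSize
```

An empty result means none of the three groups holds a write-type Allow entry on the checked paths; any row is a candidate for tightening with an explicit ACL or for moving the install under a protected location.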