iFTPStorage versions 1.3 and below for iPhone / iPod Touch suffers from a directory traversal vulnerability.
00b4737be909d2bfd4df4fb50f30c4cda6b4d5be428fb3debfc4f058131fed7f#############################################
### ###
## _x3l ##
# http://gahor-krisztian.hu/xel #
## xel@gahor-krisztian.hu ##
### ###
#############################################
# Exploit: iFTPStorage for iPhone / iPod touch <= 1.3 - Directory Traversal
# Date: 02/12/2010
# Author: _x3l
# Software Link: http://itunes.apple.com/us/app/iftpstorage/id333357690?mt=8
# Version: 1.3
# Tested on: iPhone 3GS with 4.2.1 firmware
There is directory traversal vulnerability in the iFTPStorage.
You can download all file from the iPhone when you connected to the ftp server.
For example: GET ../../../../../../etc/passwd
Thank you ;)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed