Bookeen Notea – Directory Traversal

Exploit Database
10 阅读

作者： Clement MAILLIOUX

日期： 2022-05-11
类别：
- remote
平台：
- android
来源：https://www.exploit-db.com/exploits/50897/

# Exploit Title: Bookeen Notea - Directory Traversal
# Date: December 2021
# Exploit Author: Clement MAILLIOUX
# Vendor Homepage: https://bookeen.com/
# Software Link: N/A
# Version: BK_R_1.0.5_20210608
# Tested on: Bookeen Notea (Android 8.1)
# CVE : CVE 2021-45783

# The affected version of the Bookeen Notea System Update is prone to directory traversal vulnerability related to its note Export function.
# The vulnerability can be triggered like so : 
# - Create a note or use an existing note on the device
# - rename this note ../../../../../../
# - keep touching the note until a menu appears
# - touch to select "export"
# - touch "View"

# Now you can access and explore the device filesystem.

last Exploits
Bookeen Notea – Directory Traversal的更多信息

F5 iControl – ‘iCall::Script’ Root Command Execution (Metasploit)：
Perl Data::FormValidator 4.66 Module – ‘results()’ Security Bypass：
Aloaha PDF Suite – Remote Stack Buffer Overflow：
Macrovision Installshield Update Service – Remote Buffer Overflow (Metasploit)：
PHP 4 – Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)：
Cisco Catalyst 2960 IOS 12.2(55)SE1 – ‘ROCEM’ Remote Code Execution：
Rocket Servergraph Admin Center – fileRequestor Remote Code Execution (Metasploit)：
ProFTPd 1.3.5 – ‘mod_copy’ Command Execution (Metasploit)：