header-logo
Suggest Exploit
vendor:
WiFilet (WiFi) Application (iPad & iPhone)
by:
Vulnerability Laboratory Research Team
6.3
CVSS
MEDIUM
File Inclusion, Arbitrary File Upload
22
CWE
Product Name: WiFilet (WiFi) Application (iPad & iPhone)
Affected Version From: WiFilet v1.2
Affected Version To: WiFilet v1.2
Patch Exists: No
Related CWE:
CPE: WiFilet
Metasploit:
Other Scripts:
Platforms Tested: iOS
2013

WiFilet v1.2 iPad iPhone – Multiple Web Vulnerabilities

A local file include and arbitrary file upload web vulnerability via POST request method is detected in the mobile WiFilet v1.2 app for the apple ipad & iphone. The vulnerability allows remote attackers via POST method to inject local app webserver folders to request unauthorized local webserver files. The main vulnerability is located in the upload file script of the webserver (http://192.168.0.10:9999/) when processing to load a manipulated filename via POST request method. The execution of the injected path or file request will occur when the attacker is watching the file index listing of the wifi web application web-server. Remote attackers can also unauthorized implement m

Mitigation:

Unknown
Source

Exploit-DB raw data: