WiFilet For iPhone/iPad Multiple Security Vulnerabilities
BID:58154
Info
| Bugtraq ID: | 58154 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 25 2013 12:00AM |
| Updated: | Feb 25 2013 12:00AM |
| Credit: | Chokri Ben Achour |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
WiFilet for iPhone/iPad is prone to multiple security vulnerabilities, including:
1. A local file-include vulnerability
2. An arbitrary-file-upload vulnerability
3. A cross-site request-forgery vulnerability
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, perform unauthorized actions, and disclose or modify sensitive information.
WiFilet 1.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a browser. To exploit a cross-site request-forgery issue, the attacker must entice an unsuspecting user into following a malicious URI.
The following example code is available:
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- WiFilet Download Page (Apple)
- WiFilet v1.2 iPad iPhone - Multiple Web Vulnerabilities (Vulnerability Laboratory)