0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

My Contacts Backup Pro 2.0.1 IOS - Command Inject Vulnerability & Cross Site Scripting Vulnerabi

Author

Taurus Omar

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

Document Title:
===============
My Contacts Backup Pro 2.0.1 IOS - Command Inject Vulnerability & Cross Site Scripting 

Credits & Authors:
==================
TaurusOmar  - @TaurusOmar_ (taurusomar13@gmail.com) [taurusomar.blogspot.com]

Release Date:
=============
2015-08-11

Product & Service Introduction:
===============================
My Contacts Backup Pro is the easiest way to backup and restore your contacts all from your phone without needing a computer or synchronization. 
You can backup all your contacts with a single touch and send it to yourself as a .vcf attachment via email.
All contacts can then easily be restored any time by simply opening the .vcf file in your mailbox.

(Copy of the Vendor Homepage: https://itunes.apple.com/en/app/my-contacts-backup-pro/id466388978?mt=8 )


Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered multiple vulnerabilities in the official application  My Contacts Backup Pro 2.0.1.

Vulnerability Disclosure Timeline:
==================================
2015-08-11:	Public Disclosure

Discovery Status:
=================
Published


Affected Product(s):
====================
GLOBILE BILISIM BILGISAYAR
Product: My Contacts Backup Pro 2.0.1 - iOS Mobile Web Application


Exploitation Technique:
=======================
Local


Severity Level:
===============
medium


Technical Details & Description:
================================
An application-side input validation web vulnerability has been discovered in the official My Contacts Backup Pro 2.0.1  iOS mobile application.
The vulnerability allows a local attacker to inject own script code as payload to the application-side of the vulnerable service function or module.
The vulnerability exists in the text box contacts in which injects the code is activated when the web server option to transfer 
contacts 192.1.1.1:8080 the application executes the code along with the script.

Request Method(s):
					[+] Export

Vulnerable Module(s):

					[+] Add Contact

Vulnerable Parameter(s):

					[+] TextBox Name


Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by local attackers with system user account and without user interaction.
For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

1. Install the ios application ( https://itunes.apple.com/en/app/my-contacts-backup-pro/id466388978?mt=8)
2. Add new Contact with script in the TexBox Name 
2. Start the app and open the import function
3. Activate the Web Server application
4. Successful reproduce of the persistent vulnerability!

Proof of Concept (IMAGES):
1. http://i.imgur.com/FwXgcGC.jpg
2. http://i.imgur.com/kcufjhc.jpg
3. http://i.imgur.com/BhPS34z.jpg
4. http://i.imgur.com/EsFKiYv.jpg


PoC_1: Command Inject Vulnerability 

<div>Identifier (UDID): FFFFFFFFC0463E7B3E5D46A88EDF4194C74B27D1
<br>Model: IPhone<br>Name: Iphone-Taurus>"<./[LOCAL COMMAND INJECT VULNERABILITY VIA DEVICE NAME VALUE!]">%20<gt;<BR>
System Name: iPhone OS<BR>System Version: 8.3<BR>Total Memory (RAM): 987.98 MB<BR>
Free Memory: 19.06 MB<BR>Total Storage: 64.00 GB<BR>Free Storage: 44.00 GB<BR>
CPU Frequency: an error occured<BR>Network: WiFi<BR>Wi-Fi: 02:02:02:02:02:02<BR>
IP Address: 192.168.1.141<BR>Carrier: not available<BR></iframe></div>


PoC_2: Cross Site Scripting
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiVnVsbmVyYWJsZSIpOzwvc2NyaXB0Pg=="></object>


Security Risk:
==============
The security risk of the persistent input validation vulnerability in the name value is estimated as medium. (CVSS 4.7)

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

My Contacts Backup Pro 2.0.1 IOS - Command Inject Vulnerability & Cross Site Scripting Vulnerabi

Report Error

Report Error