This is a detailed technical writeup describing two local command injection vulnerabilities in Easy FTP Pro v4.2 iOS. The vulnerabilities are located in the `foldername` and `filename` parameters of the `easy ftp wifi` module, allowing local attackers with physical or restricted device access to inject malicious commands or path values.
Classification
Writeup 90%
Target:
Easy FTP Pro v4.2 iOS
Auth required
Prerequisites:
Physical or restricted access to the iOS device · Low privileged or restricted device user account