This advisory details a remote code execution vulnerability in FTP Drive + HTTP Server v1.0.4 for iOS, where the 'newDir' parameter in the create folder functionality allows arbitrary code execution due to insufficient input validation. The vulnerability is exploited via a crafted GET request, bypassing simple quote encoding.
Classification
Writeup 95%
Target:
FTP Drive + HTTP Server v1.0.4 iOS
No auth needed
Prerequisites:
Network access to the vulnerable iOS device running the FTP Drive + HTTP Server app