EIP-2026-102245

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102245. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in HardDrive v2.1 for iOS, allowing remote attackers to bypass file extension checks and upload malicious files (e.g., webshells) via the `upload` POST method. The PoC shows how an attacker can upload a file with a deceptive extension (e.g., `exploit.html.js.png`) and later access it with a modified extension to execute arbitrary code.

Description

HardDrive 2.1 for iOS - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/48406

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in HardDrive v2.1 for iOS, allowing remote attackers to bypass file extension checks and upload malicious files (e.g., webshells) via the `upload` POST method. The PoC shows how an attacker can upload a file with a deceptive extension (e.g., `exploit.html.js.png`) and later access it with a modified extension to execute arbitrary code.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: HardDrive v2.1 for iOS

No auth needed

Prerequisites: Network access to the vulnerable iOS application's web server (port 50071) · Ability to send crafted HTTP POST requests

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

HardDrive 2.1 for iOS - Arbitrary File Upload

Exploitation Summary

Description

Exploits (1)

Details