This advisory details a path traversal vulnerability in Photos in Wifi 1.0.1 iOS app, allowing remote attackers to access unauthorized directories via manipulated filename values in POST requests. The vulnerability is located in the upload module and processed by the asset.php file.
Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target:Photos in Wifi iOS app 1.0.1
No auth needed
Prerequisites:Network access to the vulnerable app's web interface