This is a vulnerability writeup describing a local file include vulnerability in PhotoWebsite v3.1 iOS mobile web-application. The vulnerability allows remote attackers to include local file/path requests via the `mDirNameList` and `mDirUrlList` parameters in the `airphotos.ma` upload module.
Classification
Writeup 90%
Target:
PhotoWebsite v3.1 iOS Mobile Web Application
No auth needed
Prerequisites:
Access to the local network where the iOS device is connected · Ability to send POST requests to the vulnerable upload module