The document describes a command injection vulnerability in Wifi Album v1.47 iOS app, where attackers can inject system commands via album folder names. The PoC demonstrates an XSS-like payload but lacks executable exploit code.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target:Wifi Album v1.47 iOS
No auth needed
Prerequisites:Local device access · Ability to rename album folders