Re: [Full-disclosure] On the iPhone PDF and kernel exploit gives me a 404 Not Found error.

There were a few vulnerabilities in lighthttpd related to the %00 character
but after googling a while I couldn't find this particular one. I guess it's
worth reporting if this still works in the current version (1.5.0).

On Thu, Aug 5, 2010 at 12:04 PM, Sabahattin Gucukoglu <
mail@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On 5 Aug 2010, at 10:13, Ryan Sears wrote:
Well I'm no expert but I'm going to see if I can reverse engineer the PDFs
used for jailbreaking (obviously I'd need an ARM assembly book or someone
who knows it :-P) and figure out exactly what they're doing. I agree with
was said earlier, I'm not saying they're doing something malicious, but if I
wanted to backdoor thousands of phones this is how I'D do it.

It didn't work for me. I use VoiceOver, which didn't like the (fake)
slider implemented in javascript, so I had to spoof the UA on a Mac, grab
the source, inspect it, grab the PDF, email it to myself ... it didn't work.
:-( iPhone 3GS = 2,1, yes?

Either way anyone interested in doing the same I've discovered that the
webserver (lighthttpd 1.4.19) drops the index if you GET a null byte.

Nice, did you just try it in case it might work, or does this constitute a
vuln that wants fixing in current lighttpd? It's just that indexing happens
to be enabled on too.

Also if anyone knows how to get in contact with any of the admins for the
site (or anyone who runs it for that matter) please either let me know or
let them know.

Ditto, thanks.


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -