-
-
-
-- >%20(125)
-
-
-
- Fotoarchiv(0)
-
-
-
- WallpapersHD(3)
-
-
-Reference(s):
-http://localhost:6688/index.html
-http://localhost:6688/albumhtm
-http://localhost:6688/albumhtm?id=
-http://localhost:6688/albumhtm?id=D579B80C-B73D-4A16-9379-FB29A6CFC12C
-
-
-Solution - Fix & Patch:
-=======================
-The vulnerability can be patched by a secure encode and parse of the vulnerable album name value.
-Parse and filter also the index and sub category output list to ensure it prevents local command/path requests.
-
-
-Security Risk:
-==============
-The security risk of the local command/path inject web vulnerability is estimated as high.
-
-
-Credits & Authors:
-==================
-Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
-
-
-Disclaimer & Information:
-=========================
-The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
-either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
-profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
-states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
-may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
-or trade with fraud/stolen material.
-
-Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
-Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
-Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com
-Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
-Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
-
-Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
-Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
-media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and
-other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
-modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
-
- Copyright ? 2013 | Vulnerability Laboratory [Evolution Security]
-
-
-
---
-VULNERABILITY LABORATORY RESEARCH TEAM
-DOMAIN: www.vulnerability-lab.com
-CONTACT: research@vulnerability-lab.com
-
-
diff --git a/platforms/hardware/webapps/30145.txt b/platforms/hardware/webapps/30145.txt
new file mode 100755
index 000000000..941328ae9
--- /dev/null
+++ b/platforms/hardware/webapps/30145.txt
@@ -0,0 +1,218 @@
+Document Title:
+===============
+Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1157
+
+
+Release Date:
+=============
+2013-12-05
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1157
+
+
+Common Vulnerability Scoring System:
+====================================
+6.4
+
+
+Product & Service Introduction:
+===============================
+WireShare supports more than 30 different file formats, including PDF, EPUB, TXT, CHM,PNG,MP3, RMVB and AVI.
+You’re able to import files via EMAIL,Wi-Fi, iTunes File Sharing, the built-in browser, and Dropbox, Box,
+SkyDrive, Google Drive and SugarSync.... Files can be arranged in folders, copied, renamed, zipped, and
+viewed. You can view the document, read novels, listen to music, view photos, play video, annotate PDF
+and share files in WireShare.
+
+(Copy of the Homepage: https://itunes.apple.com/de/app/wireshare-share-files-your/id527465632 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered multiple persistent input validation web vulnerabilities
+in the Feetan Inc WireShare (Share files with your friends) mobile application v1.9.1 for apple iOS.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2013-12-01: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+Multiple persistent input validation web vulnerabilities has been discovered in the WireShare v1.9.1 for apple iOS.
+A persistent input validation web vulnerability allows remote attackers to inject own malicious script codes on the
+application-side (persistent) of the affected application web-server.
+
+The vulnerability is located in the add `New Folder` input field. The vulnerability allows remote attackers to inject
+own malicious script codes on the application-side of the index path/folder listing. The script code execute occurs
+in the index path/folder listing with the vulnerable foldername parameter. The inject can be done local by the device
+via add folder function or by remote inject via web-interface. The second execute occurs when the user is requesting
+to delete the malicious injected script code entry of the folder list. The security risk of the persistent input
+validation web vulnerability in the foldername value is estimated as high(-) with a cvss (common vulnerability scoring
+system) count of 6.4(+)|(-)6.5.
+
+Exploitation of the persistent script code inject vulnerability via POST method request requires low user interaction
+and no privileged web-interface user account. In the default settings is auth of the web-server deactivated and blank.
+
+Request Method(s):
+ [+] POST
+
+Vulnerable Module(s):
+ [+] New Folder (fileListContainer)
+
+Vulnerable Module(s):
+ [+] folder [name value] (targetItem)
+
+Affected Module(s):
+ [+] Folder Index List
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by local attackers with physical device access or
+by remote attackers without privileged application user account and low user interaction. For security demonstration
+or to reproduce the vulnerability follow the information and steps below.
+
+
+PoC: Folder Index List - Index
+
+
+
+Name
+Size
+Operation
+
+
- 
- 
- 
+