Local Command Inject Vulnerability discovered in iScan Online Mobile v2.0.1 (iOS - Apple)
Yesterday, the Vulnerability Laboratory Research Team discovered a local command injection web vulnerability in the official iScan Online Mobile v2.0.1 iOS web application.
The iScan software checks whether your iOS device has been jailbroken, scans standard apps for manipulation and misconfigurations, and verifies the firmware version.
The vulnerability is located in the `devicename` value of the `Settings` module. Local attackers are able to inject their own malicious system-specific commands or path value requests into the vulnerable `devicename` value. The injected command executes in the `Device Settings` module of the iScan Online Mobile application.