thebeet / idevicekit Goto Github PK
View Code? Open in Web Editor NEWNodeJs wrapper for libimobiledevice
License: Other
idevicekit's People
Contributors
Stargazers
Watchers
idevicekit's Issues
huntr.dev - Command Injection
This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Vulnerability Description
Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. There is a possible bypass of the _checkSerial function leading to malicious serial variable content injection. Then, the serial variable is concatenated inside a command executed through the exec function, leading to RCE. The issue arises here:
https://github.com/thebeet/idevicekit/blob/master/index.js#L11
https://github.com/thebeet/idevicekit/blob/master/index.js#L39
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded ๐ฐ? Go to https://huntr.dev/
Add license file
Project is missing a software license.
Please add a license file
element parse error: Error: invalid tagName:http:
Hi there! Thanks for this amazing library, Node bindings make working with C libraries much simpler for me. I am able to list my connected device, however, attempting to use methods such as getBasicInformation, getBattery etc yields an error:
// brew install libimobiledevice
// brew install ideviceinstaller
const idevicekit = require('idevicekit');
void async function() {
for (const serial of await idevicekit.listDevices()) {
console.log(serial);
console.log(await idevicekit.getBattery(serial));
}
}()This prints the serial correctly, but then this error occurs:
[xmldom error] element parse error: Error: invalid tagName:http:
@#[line:44,col:11]
(node:63374) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): TypeError: Cannot read property 'nodeName' of null
I am not sure how to access the raw XML string to see why it trips up the XML parser. If you guide me on how to obtain it, I will be happy to attach it to this issue for further debugging.
XS, XSMax, iPad Pro serial ID regex
let _checkSerial = (serial) => { return /^[a-z0-9]{40,40}$/.test(serial); };
This works only till A11 SoC.
let _checkSerial = (serial) => { return /^[a-z0-9]{40,40}$/ || /^[A-Z0-9]{8}-[A-Z0-9]{16}$/i.test(serial); }; - this should fix the issue.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.