Headline
AirDisk 7.5.5 Cross Site Scripting
AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: AirDisk 7.5.5 File Manager Stored XSS# Date: Sep 8, 2022# Exploit Author: Chokri Hammedi# Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424# Software Link:https://apps.apple.com/us/app/airdisk-file-manager/id566530748# Version: 7.5.5# Tested on: iPhone ios 15.61/ Starting the server ( File Transfer > Wi-fi File Transfer )2/ Go to browser3/ Enter the address showing on app eg: http://192.168.1.187:80804/ Create a folder with the name: rose'"><img src=xonerror=alert(document.location)>5/ Refresh.