Hi Team!
I found a Blind XSS that can be executed on the iOS App due to an unsanitized webview. Using this issue, an attacker can extract information from the victim.
## Steps To Reproduce:
{F487447}
{F487448}
HTML payload attached, don’t forget to change IP Address to yours.
Recommendation: Disabling JavaScript on Webview
Reference:
https://developer.apple.com/documentation/webkit/wkpreferences#//apple_ref/occ/instp/WKPreferences/javaScriptEnabled
In this PoC, an attacker can extract information from the victim, such as IP Address, Location, OS.
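
One way to apply the recommendation above, as an added example that is not part of the original report and not the affected app's code. It assumes the app shows untrusted text in a `WKWebView`; the function names `htmlEscape`, `makeRestrictedWebView` and `render` are hypothetical.

```swift
import UIKit
import WebKit

// Added example with hypothetical helper names; not the affected app's code.

/// Escape untrusted text so the web view renders it as text, not markup.
func htmlEscape(_ s: String) -> String {
    var out = ""
    for ch in s {
        switch ch {
        case "&": out += "&amp;"
        case "<": out += "&lt;"
        case ">": out += "&gt;"
        case "\"": out += "&quot;"
        case "'": out += "&#39;"
        default: out.append(ch)
        }
    }
    return out
}

/// Build a web view for untrusted content with script execution turned off.
func makeRestrictedWebView(frame: CGRect) -> WKWebView {
    let config = WKWebViewConfiguration()
    if #available(iOS 14.0, *) {
        // Per-page switch that replaces the deprecated preference below.
        config.defaultWebpagePreferences.allowsContentJavaScript = false
    } else {
        // The WKPreferences property linked in the report.
        config.preferences.javaScriptEnabled = false
    }
    config.preferences.javaScriptCanOpenWindowsAutomatically = false
    return WKWebView(frame: frame, configuration: config)
}

/// Render untrusted text: escaped, no base URL, and a CSP that blocks
/// every external load so leftover markup cannot call out to a remote host.
func render(untrusted: String, in webView: WKWebView) {
    let page = """
    <!doctype html><html><head><meta charset="utf-8">
    <meta http-equiv="Content-Security-Policy" content="default-src 'none'">
    </head><body><pre>\(htmlEscape(untrusted))</pre></body></html>
    """
    webView.loadHTMLString(page, baseURL: nil)
}
```

Disabling JavaScript alone does not stop plain HTML such as an image tag from loading a remote URL, which is why the example also escapes the input and sets a restrictive Content-Security-Policy.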