Vulners
Lucene search
SHAREit WebShare 2.3.80 Cross Site Scripting
`<!--
Exploit Title: SHAREit WebShare Cross Site Scripting
Vendor Home Page: http://shareit.lenovo.com, http://www.ushareit.com
Software Link: http://shareit.lenovo.com/download.html
Version: 2.3.80
Tested On: IOS 9.1, Windows 7
Date: 08 Dec. 2015
Exploit Author: Mahdi.Hidden
POC:
SHAREit is an app which is used for transferring files. it also has a
WebShare section for
transferring files between PC and Phone without installing any app on PC.
In fact it is web page and you can upload, delete and ... files.
There is a Cross Site Scripting (XSS) vulnerability in this section
(WebShare) and you can use it easily.
When you go to WebShare section in your phone it shows you an URL which is
belong to WebShare. (Ex. : 192.168.1.5)
Open that page and visit the vulnerability:
-->
http://192.168.1.5/list?path=<script>alert(/Mahdi.Hidden/)</script>
<!--
# Mahdi.Hidden
# Ashiyane Digital Security Team
-->
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2015 00:00Current
7.4High risk
Vulners AI Score7.4