SHAREit WebShare 2.3.80 Cross Site Scripting

Type packetstorm
Reporter Mahdi.Hidden
Modified 2015-12-08T00:00:00


Exploit Title: SHAREit WebShare Cross Site Scripting  
Vendor Home Page:,  
Software Link:  
Version: 2.3.80  
Tested On: IOS 9.1, Windows 7  
Date: 08 Dec. 2015  
Exploit Author: Mahdi.Hidden  
SHAREit is an app which is used for transferring files. it also has a  
WebShare section for  
transferring files between PC and Phone without installing any app on PC.  
In fact it is web page and you can upload, delete and ... files.  
There is a Cross Site Scripting (XSS) vulnerability in this section  
(WebShare) and you can use it easily.  
When you go to WebShare section in your phone it shows you an URL which is  
belong to WebShare. (Ex. :  
Open that page and visit the vulnerability:  
# Mahdi.Hidden  
# Ashiyane Digital Security Team