Exploit Title: SHAREit WebShare Cross Site Scripting
Vendor Home Page: http://shareit.lenovo.com, http://www.ushareit.com
Software Link: http://shareit.lenovo.com/download.html
Tested On: IOS 9.1, Windows 7
Date: 08 Dec. 2015
Exploit Author: Mahdi.Hidden
SHAREit is an app which is used for transferring files. it also has a
WebShare section for
transferring files between PC and Phone without installing any app on PC.
In fact it is web page and you can upload, delete and ... files.
There is a Cross Site Scripting (XSS) vulnerability in this section
(WebShare) and you can use it easily.
When you go to WebShare section in your phone it shows you an URL which is
belong to WebShare. (Ex. : 192.168.1.5)
Open that page and visit the vulnerability:
# Ashiyane Digital Security Team