ownCloud: owncloud.help: Text Injection

ID H1:112304
Type hackerone
Reporter geekh
Modified 2016-01-23T07:47:37


Hello i want to report a text injection and a missconfiguration of the 404 page which can be used in phishing Text injection can be used in phishing 404 page should not include attacker text

The bug exists at :


as you can see attacker text is included "It has been changed by a new one https://www.crowdcurity.com so go to the new one since this one was not found on this server."

Fix : just use a 404 page that don't include attacker text just as : hackerone.com,bugcrowd.com do (a 404 page that don't include any externel text hope you fix it