Nextcloud: Content Spoofing

2016-06-17T12:33:49
ID H1:145374
Type hackerone
Reporter ashish_pathak
Modified 2016-06-19T12:03:22

Description

Hi, I got a content spoofing vulnerability.

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.

PoC link: https://nextcloud.com/.htacess%20THIS%20IS%20CONTENT%20SPOOFING

Possible fix: URL-encode spaces to %20, which will make the spoofing content look like a link.

Cheers!

Ashish Pathak
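
The fix suggested in the report, as an added example that is not part of the original report or Nextcloud's code: it assumes the "not found" page echoes the decoded request path, and compares that with re-encoding the path before display and with not reflecting it at all. The function names and page wording are hypothetical.

```python
import html
from urllib.parse import quote, unquote

# Constructed sample: the raw request path taken from the PoC link in the report.
POC_PATH = "/.htacess%20THIS%20IS%20CONTENT%20SPOOFING"


def not_found_reflecting(raw_path: str) -> str:
    """Assumed 'before' behaviour: the percent-decoded path is echoed into the page."""
    decoded = unquote(raw_path)  # %20 becomes a space, so the text reads as prose
    return f"<p>The requested URL {html.escape(decoded)} was not found.</p>"


def not_found_encoded(raw_path: str) -> str:
    """The report's suggested fix: display the path percent-encoded."""
    # Decode once to normalise, then re-encode everything except unreserved
    # characters and '/', so spaces are always shown as %20.
    canonical = quote(unquote(raw_path), safe="/")
    # HTML-escape as well: percent-encoding is about readability of the text,
    # escaping is what keeps the value inert as markup.
    return f"<p>The requested URL {html.escape(canonical)} was not found.</p>"


def not_found_static(raw_path: str) -> str:
    """Stricter alternative: do not reflect any request data in the error page."""
    return "<p>The requested page was not found.</p>"


def shows_injected_sentence(body: str, sentence: str) -> bool:
    """True if the page text contains the sentence as a visitor would read it."""
    return sentence in html.unescape(body)


if __name__ == "__main__":
    injected = "THIS IS CONTENT SPOOFING"
    for render in (not_found_reflecting, not_found_encoded, not_found_static):
        body = render(POC_PATH)
        print(f"{render.__name__:22} readable={shows_injected_sentence(body, injected)}")
        print(f"  {body}")
```
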