HackerOne report H1:145463 by ishahriyar
History: Jun 17, 2016 - 4:31 p.m.

Nextcloud: Nextcloud server software: Content Spoofing

2016-06-17 16:31:11
ishahriyar
hackerone.com
$50
31

EPSS: 0.004 (Low)
Percentile: 73.7%

In Nextcloud the "dir" parameter is vulnerable to a content spoofing attack.
If anyone puts a valid directory name in the dir parameter then it goes to that directory; otherwise it redirects
to the home directory (/).
By putting ../../ in the dir parameter I was able to stop the redirect; then I put some messages after that and those messages were reflected in the same given format.

So here an attacker can send his messages directly through the URL.
PoC link
http://192.168.0.118/nextcloud/index.php/apps/files/?dir=../../Welcome+to+Nexcloud+You+can+get+pro+account+by+navigating+this+example.com

Thanks.
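The pattern behind this report, as an added example that is not part of the original report and not Nextcloud's own code: a resolver that models the behaviour the reporter describes (a known directory is browsed, an unknown one redirects to "/", a value starting with ../../ skips the redirect and the remainder is echoed into the page), next to a hardened resolver that canonicalises the path, clamps it at the user's root, and never reflects the raw parameter. The directory set KNOWN_DIRS is a constructed stand-in for a filesystem lookup; the PoC URL is the one quoted in the report.

```python
"""Model of the `dir` content-spoofing pattern and a hardened resolver.
Added example; illustrates the report, it is not Nextcloud's implementation."""
import posixpath
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a user's files tree; real code would ask the filesystem.
KNOWN_DIRS = {"", "Documents", "Photos", "Documents/Reports"}

# PoC URL quoted in the report (the host is the reporter's lab machine).
POC_URL = (
    "http://192.168.0.118/nextcloud/index.php/apps/files/"
    "?dir=../../Welcome+to+Nexcloud+You+can+get+pro+account+by+navigating+this+example.com"
)


def dir_param(url: str) -> str:
    """Extract the `dir` query parameter as a web framework would ('+' decodes to a space)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("dir", [""])[0]


def vulnerable_resolve(dir_value: str):
    """Behaviour as the report describes it (assumed model, not Nextcloud's code).

    Returns (action, payload). A value that starts with '../../' is neither
    browsed nor redirected; the text after it is echoed back into the page,
    which is exactly the content-spoofing channel the reporter used.
    """
    if dir_value in KNOWN_DIRS:
        return ("browse", dir_value)
    if dir_value.startswith("../../"):
        # Attacker-controlled text lands in the response verbatim.
        return ("render", dir_value[len("../../"):])
    return ("redirect", "/")


def safe_resolve(dir_value: str):
    """Hardened resolver: canonicalise, clamp at the root, never echo the input.

    Prefixing '/' before normpath makes every '..' that would climb above the
    root disappear, so the result is always a path inside the user's tree.
    Anything that does not name a known directory gets the same generic
    redirect, so no attacker text ever reaches the page.
    """
    canon = posixpath.normpath("/" + dir_value).lstrip("/")
    if canon == ".":
        canon = ""
    if canon in KNOWN_DIRS:
        return ("browse", canon)
    return ("redirect", "/")


if __name__ == "__main__":
    value = dir_param(POC_URL)
    print("vulnerable:", vulnerable_resolve(value))
    print("hardened:  ", safe_resolve(value))
```

Running the block prints the spoofed text the vulnerable resolver would render for the PoC URL and the plain redirect the hardened resolver returns for the same input. The important property is that the hardened path is never reflected: a traversal that is clamped to a real directory is simply browsed, and everything else collapses to the redirect the application already performs for unknown names.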