Nextcloud: Email Spoofing

2017-01-24T12:22:08
ID H1:200762
Type hackerone
Reporter khalidamin
Modified 2017-01-25T14:01:02

Description

Hi there,

Similar to this report submitted to Hackerone itself: https://hackerone.com/reports/575

You also are vulnerable to email spoofing.

Steps to reproduce:

1- Go to https://emkei.cz (A Fake Mailer)
2- Set the from to parameter as support@nextcloud.com or any other name, and send it.
3- The email is sent with any content you'd like to add as the message.

Thanks.