Nextcloud: Invalid request may lead content spoofing for phishing

2017-03-13T11:40:54
ID H1:213056
Type hackerone
Reporter d4rk_g1rl
Modified 2017-04-12T18:00:59

Description

HI,

I found that site have invalid request may lead to content spoof.

Proof Of Concept:

https://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com

Thanks,