Search...

Nextcloud: Invalid request may lead content spoofing for phishing

2017-03-13T11:40:54

ID H1:213056
Type hackerone
Reporter d4rk_g1rl
Modified 2017-04-12T18:00:59

Description

HI,

I found that site have invalid request may lead to content spoof.

Proof Of Concept:

https://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com

Thanks,

JSON Vulners Source

Initial Source

{"id": "H1:213056", "hash": "139dd81fdbfbf6a9f12c863b5c595c37", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2018-08-23T04:36:08", "history": [{"bulletin": {"id": "H1:213056", "hash": "39b1623a1851d0709e4323514921d0b5033fe6f4d8a173c48e12a42efc34836b", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:57:59", "history": [], "viewCount": 7, "enchantments": {"score": {"modified": "2018-02-07T16:57:59", "value": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:N/"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/production/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/139/996/a32135b2394da8ac02f233b1a95701054cd75461_small.jpg?1512882768"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1team", "h1reporter"], "edition": 4, "lastseen": "2018-02-07T16:57:59"}, {"bulletin": {"id": "H1:213056", "hash": "4206567dafba24eb81e9ca410d92820ec73cfc85426e0fc5e4f23d09136bb072", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:08", "history": [], "viewCount": 7, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/139/996/a32135b2394da8ac02f233b1a95701054cd75461_small.jpg?1512882768"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1reporter"], "edition": 5, "lastseen": "2018-04-19T17:34:08"}, {"bulletin": {"id": "H1:213056", "hash": "fa96bf1b6d8ed361ff3b85389bd00fd5b7fc4d36e10e688b71d7a0b166406c5f", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2018-07-04T15:20:43", "history": [], "viewCount": 8, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/139/996/7f2ae743a34f6c0e30422c808a6634a8e80c027c_small.jpg?1530702703"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1reporter"], "edition": 7, "lastseen": "2018-07-04T15:20:43"}, {"bulletin": {"id": "H1:213056", "hash": "2b79d96c69e6a8bc78ce0b82584f76f701347b5adb1a0197e260acb6ab0c3c1c", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:23", "history": [], "viewCount": 7, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/production/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/139/996/05b636cfe61b21439078020fb4706e84d8a2195f_small.jpg?1496998419"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["modified"], "edition": 2, "lastseen": "2017-08-28T23:19:23"}, {"bulletin": {"id": "H1:213056", "hash": "a8a273e418208b69b58acad94691ce6f118d16ec2dab22a5aaf53bb2313d0e68", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:25", "history": [], "viewCount": 7, "enchantments": {"score": {"modified": "2017-08-29T13:11:25", "value": 4.0}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/production/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/139/996/05b636cfe61b21439078020fb4706e84d8a2195f_small.jpg?1496998419"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1reporter"], "edition": 3, "lastseen": "2017-08-29T13:11:25"}, {"bulletin": {"id": "H1:213056", "hash": "dbf9af8762b9cf576a63a2a5caae3771577e38c11a71dd37154de6af90c73193", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:35", "history": [], "viewCount": 7, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/production/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/139/996/05b636cfe61b21439078020fb4706e84d8a2195f_small.jpg?1496998419"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1reporter"], "edition": 1, "lastseen": "2017-08-22T11:09:35"}, {"bulletin": {"id": "H1:213056", "hash": "8add640513eef9e1a6daf43c184e38110955b4629c493b873301e2f67aafe248", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Invalid request may lead content spoofing for phishing", "description": "HI,\n\nI found that site have invalid request may lead to content spoof.\n\nProof Of Concept:\n\nhttps://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com\n\nThanks,", "published": "2017-03-13T11:40:54", "modified": "2017-04-12T18:00:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/213056", "reporter": "d4rk_g1rl", "references": [], "cvelist": [], "lastseen": "2018-07-03T01:25:30", "history": [], "viewCount": 7, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}}, "differentElements": ["h1reporter"], "edition": 6, "lastseen": "2018-07-03T01:25:30"}], "viewCount": 8, "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2018-08-23T04:36:08"}, "dependencies": {"references": [], "modified": "2018-08-23T04:36:08"}, "vulnersScore": 0.1}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "nextcloud", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/139/996/30539a790bf9d1407eccb9d25f4895fb4dbd01d2_small.jpg?1534980216"}, "url": "/d4rk_g1rl", "username": "d4rk_g1rl"}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}

Nextcloud: Invalid request may lead content spoofing for phishing

Description

HI, I found that site have invalid request may lead to content spoof. Proof Of Concept: https://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com Thanks,

HI,

I found that site have invalid request may lead to content spoof.

Proof Of Concept:

https://logs.nextcloud.com/redirect_uri?And_move_t0_malicioussite.com

Thanks,