Nextcloud: Content Spoofing/Text Injection in https://demo.nextcloud.com

2017-04-19T04:07:33
ID H1:222058
Type hackerone
Reporter smit
Modified 2017-04-28T07:23:08

Description

Greetings,

Hello Team, I have found a Content Spoofing/Text Injection on this domain: https://demo.nextcloud.com

PoC URL: https://demo.nextcloud.com/wp-content/cache/minify/%0d%0ahas%20moved%20to%20www.attacker.com.Please%20visit%20attacker.com%20present%20resource

PoC Screen Shot:

Let me know if you need more information.

Cheers!

Regards, @smit
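
A defender-side sketch of how requests shaped like the PoC URL above could be flagged in web server access logs. This is an added example, not part of the original report or of Nextcloud's code. The log lines are constructed, and the heuristics, threshold and TLD list are assumptions; only the PoC path comes from the report.

```python
import re
from urllib.parse import unquote

# Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Illustrative TLD list (an assumption); extend it for your own traffic.
DOMAIN_RE = re.compile(r'\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|io)\b', re.I)

def spoofing_indicators(target):
    """Return the reasons a request target looks like injected display text."""
    raw_path = target.split('?', 1)[0]
    # Decode each segment separately so an encoded %2f stays inside its segment.
    segments = [unquote(s) for s in raw_path.split('/')]
    reasons = []
    if any(c in s for s in segments for c in '\r\n'):
        reasons.append('control-char')    # decoded CR/LF inside a path
    if any(len(s.split()) >= 4 for s in segments):
        reasons.append('sentence')        # reads as prose, not a file name
    if any(' ' in s.strip() and DOMAIN_RE.search(s) for s in segments):
        reasons.append('domain-in-text')  # a host name embedded in that prose
    return reasons

def scan_access_log(lines, min_reasons=2):
    """Return (target, reasons) for entries matching at least min_reasons checks."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = spoofing_indicators(m.group(1))
        if len(reasons) >= min_reasons:
            hits.append((m.group(1), reasons))
    return hits

# Constructed sample log; client addresses are from the documentation range.
POC_PATH = ('/wp-content/cache/minify/%0d%0ahas%20moved%20to%20www.attacker.com.'
            'Please%20visit%20attacker.com%20present%20resource')
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Apr/2017:04:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Apr/2017:04:02:40 +0000] "GET /wp-content/uploads/My%20Holiday%20Photo.jpg HTTP/1.1" 200 88211',
    '203.0.113.23 - - [19/Apr/2017:04:03:05 +0000] "GET ' + POC_PATH + ' HTTP/1.1" 404 312',
]

if __name__ == '__main__':
    for target, reasons in scan_access_log(SAMPLE_LOG):
        print(reasons, target)
```

Requiring two indicators keeps ordinary file names with spaces out of the results; the matching fix on the server side is an error page that does not echo the decoded request path.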