Content Injection 404 page

Disclosed: 2016-06-19 12:22:53 By testest To nextcloud

Unknown

Vulnerability Details

Hi there, Similar as report #145344 and #145532 it's possbile to spoof the 404 page using http. PoC URL: http://nextcloud.com/has%2f%20been%20changed%20to%20https://www.ATTACKER.COM.%20so%20please%20visit%20https://www.ATTACKER.COM%20as%20your%20requested%20link Note: If this redirects you to https, clear the cache or use another browser. If you need more information, let me know. Thanks!

Actions

View on HackerOne

Report Stats

Report ID: 145849
State: Closed
Substate: resolved
Upvotes: 2

Content Injection 404 page

Vulnerability Details

Actions

Report Stats

Share this report