Content spoofing due to the improper behavior of the 403 page

Disclosed: 2017-05-18 16:46:17 By t-pwn To nextcloud

Unknown

Vulnerability Details

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. PoC: https://demo.nextcloud.com/.htaccess&&&&&&&&&&&&&%20this%20page%20is%20moved%20to%20http://evil.com/exploit.php%20&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& thanks.

Actions

View on HackerOne

Report Stats

Report ID: 212770
State: Closed
Substate: resolved
Upvotes: 5

Content spoofing due to the improper behavior of the 403 page

Vulnerability Details

Actions

Report Stats

Share this report