Content spoofing due to the improper behavior of the 403 page

Disclosed: 2017-05-18 15:24:44 By t-pwn To nextcloud

Unknown

Vulnerability Details

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. PoC: https://usercontent.apps.nextcloud.com/.htaccess***********this%20page%20has%20moved%20to%20http://evil.com%20*************** thanks.

Actions

View on HackerOne

Report Stats

Report ID: 214340
State: Closed
Substate: resolved
Upvotes: 6

Content spoofing due to the improper behavior of the 403 page

Vulnerability Details

Actions

Report Stats

Share this report