search

Nextcloud

Note!!! Приглядитесь к репортам на h1, некоторым вулнам не назначали cve

hashtag
1.Recon

hashtag
find version

https://target/status.php

hashtag
find api

https://target/ocs-provider/

hashtag
Nextcloud Detection

nuclei -u target -t nextcloud-detect.yaml

hashtag
2.Exploit

hashtag
brureforce api

https://target/public.php/webdav
https://target/remote.php/dav/files/USERNAME/

hashtag
Nextcloud Exposed Installation

nuclei -u target -t nextcloud-install.yaml

hashtag
3. Recommend

disable the web-based upgrader simply set 'upgrade.disable-web' => true, in nextcloud’s config.php with this result:

hashtag
4. Reports

hashtag
Nextcloud program at HackerOne

  1. Code injection possible with malformed Nextcloud Talk chat commandsarrow-up-right to Nextcloud - 314 upvotes, $3000

  2. User can delete data in shared folders he's not autorized to accessarrow-up-right to Nextcloud - 165 upvotes, $250

  3. Access to all files of remote user through shared filearrow-up-right to Nextcloud - 149 upvotes, $750

  4. Attacker can obtain write access to any federated share/public linkarrow-up-right to Nextcloud - 135 upvotes, $4000

  5. Missing ownership check on remote wipe endpointarrow-up-right to Nextcloud - 127 upvotes, $500

  6. Remote Code Execution via Extract App Pluginarrow-up-right to Nextcloud - 121 upvotes, $0

  7. Re-Sharing allows increase of privilegesarrow-up-right to Nextcloud - 90 upvotes, $750

  8. No rate limiting for confirmation email lead to huge Mass mailingsarrow-up-right to Nextcloud - 78 upvotes, $0

  9. User deletion is not handled properly everywherearrow-up-right to Nextcloud - 75 upvotes, $1000

  10. Arbitrary SQL command injectionarrow-up-right to Nextcloud - 73 upvotes, $500

  11. Nextcloud Desktop Client RCE via malicious URI schemesarrow-up-right to Nextcloud - 72 upvotes, $1000

  12. File-drop content is visible through the gallery apparrow-up-right to Nextcloud - 68 upvotes, $500

  13. Arbitrary code execution in desktop client via OpenSSL configarrow-up-right to Nextcloud - 59 upvotes, $100

  14. Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lockarrow-up-right to Nextcloud - 56 upvotes, $100

  15. Default Nextcloud Server and Android Client leak sharee searches to Nextcloudarrow-up-right to Nextcloud - 53 upvotes, $750

  16. Clear text storage of proxy parameters and passwordsarrow-up-right to Nextcloud - 53 upvotes, $250

  17. Stored XSS in collabora via user namearrow-up-right to Nextcloud - 48 upvotes, $0

  18. Two-factor authentication enforcement bypassarrow-up-right to Nextcloud - 46 upvotes, $750

  19. SSL certificate not validated when registering with a providerarrow-up-right to Nextcloud - 42 upvotes, $300

  20. Memory Leak in OCUtil.dll library in Desktop client can lead to DoSarrow-up-right to Nextcloud - 40 upvotes, $100

  21. [Reflected XSS] In Request URLarrow-up-right to Nextcloud - 37 upvotes, $50

  22. Remote code execution via path traversal in Zip extraction in the Extract apparrow-up-right to Nextcloud - 37 upvotes, $0

  23. http://www.nextcloud.com/wp-includes/js/swfupload/swfupload.swf allows open redirect / site defacementarrow-up-right to Nextcloud - 37 upvotes, $0

  24. Scoped apptokens can be changed by that very apptokenarrow-up-right to Nextcloud - 36 upvotes, $1000

  25. Expired reshare links allow access to all files in sharearrow-up-right to Nextcloud - 36 upvotes, $400

  26. No session logout after changing password & alsoandroid sessions not shown in sessions list so they can be deletedarrow-up-right to Nextcloud - 35 upvotes, $50

  27. Cross site scripting - XSRF Tokenarrow-up-right to Nextcloud - 32 upvotes, $0

  28. 2FA Session not expires after the password resetarrow-up-right to Nextcloud - 31 upvotes, $50

  29. SQL Injection found in NextCloud Android App Content Providerarrow-up-right to Nextcloud - 30 upvotes, $150

  30. Group admins can remove arbitrary data from "data" directory (including admin data)arrow-up-right to Nextcloud - 30 upvotes, $150

  31. Passwords being stored as plain text in loggingarrow-up-right to Nextcloud - 30 upvotes, $0

  32. I am because bugarrow-up-right to Nextcloud - 29 upvotes, $0

  33. Reflected XSS in error pages (NC-SA-2017-008)arrow-up-right to Nextcloud - 28 upvotes, $450

  34. Code injection in macOS Desktop Client arrow-up-rightto Nextcloud - 28 upvotes, $250

  35. Database error shown to the user when using a long guest name in richdocumentsarrow-up-right to Nextcloud - 28 upvotes, $0

  36. CSRF vulnerability that allows an attacker to modify encryption settingsarrow-up-right to Nextcloud - 27 upvotes, $0

  37. Persistent XSS via filename in projectsarrow-up-right to Nextcloud - 23 upvotes, $150

  38. Blind Stored XSS on iOS App due to Unsanitized Webviewarrow-up-right to Nextcloud - 23 upvotes, $100

  39. Leak arbitrary file under nextcloud android client privacy directoryarrow-up-right to Nextcloud - 23 upvotes, $100

  40. Bypass of privacy filter / tracking pixel blockerarrow-up-right to Nextcloud - 23 upvotes, $100

hashtag
refrencess

PreviousMS ExchangeNextSMTP

Last updated