Jump to content
sleed

[XSS + SQLI ] OwnCloud

By sleed, in Bug Bounty

Recommended Posts

sleed Newbie

sleed

Posted
Posted

Vendor: https://owncloud.com

Vuln.: Stored XSS + S.Q.L.i

PoC:

2i1jvo9.png

rcvxck.png

107j7ra.png

Raportat + Raspuns + H.O.F:

From: Lukas Reschke <lukas@statuscode.ch>

Subject: Re: [security] [XSS + SQLi] https://owncloud.com

Date: May 22, 2015 at 10:36:25 AM GMT+2

To: Sleed <sleed_rst@*******.com>

Cc: "security@owncloud.com" <security@owncloud.com>

Hi Ilca,

Thank you for disclosing this vulnerability in a responsible way to us. We were able to reproduce this and have escalated this report to the website team.

Meanwhile please let us know how you want to be credited on our HoF. – As soon as a fix is staged on our production instance we will add you to this page as well as get back to you with a heads-up.

Thanks again!

Lukas

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...