rookie0 / nextcloud-sharing-path

🌩 Nextcloud app to enhance files sharing to be accessed by stored path, can be used as CDN origin.
GNU Affero General Public License v3.0

Indirect security vulnerability #9

Closed djsime1 closed 4 years ago

djsime1 commented 4 years ago

There is an indirect security vulnerability that can be exposed by this app. This app allows users to directly share executable files such as .php, .js, .cgi, etc. If a user uploads a PHP file with malicious code, shares it via sharing path, and loads the document, it presents a very easy-to-access method of executing code on the server. My idea to prevent this is to add a whitelist/blacklist option for administrators that restricts what file types can be shared via direct link.

rookie0 commented 4 years ago

The problem may not exist; this app uses the Nextcloud API to read the file and output it, and Nextcloud can ensure security.
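The two controls the thread touches on, as an added example that is not the nextcloud-sharing-path code and not a fix the maintainer describes: the administrator-configurable extension blocklist proposed in the issue, and response headers that make a file read and streamed through the application (rather than handed to the PHP interpreter) reach the browser as inert data. The function names, the `DEFAULT_BLOCKED_EXTENSIONS` list and the sample paths are assumptions made for the example.

```php
<?php
// Added example; hypothetical helpers, not part of the nextcloud-sharing-path app.
declare(strict_types=1);

/** Hypothetical default blocklist an admin could edit; extensions compared case-insensitively. */
const DEFAULT_BLOCKED_EXTENSIONS = ['php', 'phtml', 'phar', 'cgi', 'pl', 'py', 'sh', 'js', 'html', 'htm', 'svg'];

/**
 * Return true when the file may be served by stored path.
 * Every dotted suffix is checked, so "shell.php.txt" and "x.PhP" are rejected too,
 * which matters for web servers that match any ".php" segment in the name.
 */
function isShareableExtension(string $path, array $blocked = DEFAULT_BLOCKED_EXTENSIONS): bool
{
    $name = strtolower(basename($path));
    $parts = explode('.', $name);
    array_shift($parts); // drop the base name; what remains are the extensions
    foreach ($parts as $ext) {
        if (in_array($ext, $blocked, true)) {
            return false;
        }
    }
    return true;
}

/**
 * Headers for streaming a shared file as a download rather than a document.
 * Content-Disposition: attachment keeps the browser from rendering the bytes inline;
 * X-Content-Type-Options: nosniff keeps it from re-guessing the type from content.
 */
function inertDownloadHeaders(string $path, string $mime): array
{
    $safeName = str_replace(['"', "\r", "\n"], '', basename($path)); // no header injection via file name
    return [
        'Content-Type'           => $mime,
        'Content-Disposition'    => 'attachment; filename="' . $safeName . '"',
        'X-Content-Type-Options' => 'nosniff',
    ];
}

// Constructed sample paths with the decision expected for each.
$samples = [
    'docs/report.pdf'       => true,
    'public/shell.php'      => false,
    'public/shell.php.txt'  => false,
    'public/Index.PHTML'    => false,
    'assets/app.js'         => false,
    'images/logo.png'       => true,
];
foreach ($samples as $path => $expected) {
    $verdict = isShareableExtension($path) === $expected ? 'ok' : 'MISMATCH';
    printf("%-24s %s\n", $path, $verdict);
}
print_r(inertDownloadHeaders('docs/report.pdf', 'application/pdf'));
```

Whether a server-side execution path exists at all depends on how the bytes leave the application: a file read through the Nextcloud files API and echoed is never passed to the PHP interpreter, whereas a web-server rule that maps the share URL onto the data directory would be. The blocklist is the defence-in-depth layer for the case where that mapping is misconfigured, and the headers address the separate browser-side risk of serving shared .html, .svg or .js inline.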