Ability to control the filename when uploading a logo or favicon on theming

Nextcloud bugbounty CVE-2023-28833
When uploading a logo or favicon, the filename can be controlled by an attacker, because the request key that serves as the filename can be modified by the client.

Proof of Concept:

  1. Go to http://localhost/settings/admin/theming
  2. Upload a logo or favicon
  3. Intercept the request using Burp
  4. Modify the key

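Added example, not code from the original post or from Nextcloud: a minimal model of the unsafe pattern described above (the multipart field name, the "key", is used directly as the filename) next to a hardened version that maps the key through a fixed allowlist and checks that the normalized path stays inside the upload directory. UPLOAD_DIR, ALLOWED_KEYS and the sample keys are constructed assumptions.

```python
import posixpath

# Hypothetical storage directory and allowlist; not Nextcloud's own paths or code.
UPLOAD_DIR = "/srv/appdata/theming/images"
ALLOWED_KEYS = {"logo": "logo", "favicon": "favicon"}  # upload key -> stored name


def vulnerable_target(key: str) -> str:
    """Pattern described in the post: the multipart field name (the key)
    becomes the filename, so the client decides where the file is written."""
    return posixpath.join(UPLOAD_DIR, key)


def hardened_target(key: str) -> str:
    """Map the client-supplied key through a fixed allowlist, then verify the
    normalized result is a direct child of UPLOAD_DIR before using it."""
    stored = ALLOWED_KEYS.get(key)
    if stored is None:
        raise ValueError(f"unexpected upload key {key!r}")
    target = posixpath.normpath(posixpath.join(UPLOAD_DIR, stored))
    if posixpath.dirname(target) != UPLOAD_DIR:
        raise ValueError("resolved path is outside the upload directory")
    return target


def escapes_upload_dir(key: str) -> bool:
    """Check usable in request validation or log review: would this key,
    used as a filename, resolve to anything outside UPLOAD_DIR itself?"""
    target = posixpath.normpath(posixpath.join(UPLOAD_DIR, key))
    return posixpath.dirname(target) != UPLOAD_DIR


if __name__ == "__main__":
    # Constructed sample keys: two legitimate ones and two traversal attempts.
    for key in ["logo", "favicon", "../../escaped.txt", "logo/../../x"]:
        print(f"{key!r}: vulnerable -> {vulnerable_target(key)}, "
              f"escapes={escapes_upload_dir(key)}")
        try:
            print("  hardened ->", hardened_target(key))
        except ValueError as err:
            print("  hardened -> rejected:", err)
```
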