This exploit demonstrates multiple CSRF vulnerabilities in Nextcloud 17, allowing unauthorized actions such as creating/deleting folders, users, and groups via crafted HTTP requests. The PoC includes valid session tokens and cookies, indicating it is functional for authenticated users.
Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Nextcloud 17
Auth required
Prerequisites: Valid session cookies and request tokens · Authenticated user context