Associated Vulnerability
Title: ownCloud security vulnerability (CVE-2023-49103)
Description: An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
Description
This is a simple proof of concept for CVE-2023-49103.
Readme
<div align="center">
# 🇮🇱 **#BringThemHome #NeverAgainIsNow** 🇮🇱
**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**
[](https://twitter.com/Itsd0r)
</div>
# Exploit for CVE-2023-49103
## Background
ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability that affects ownCloud when the vulnerable “Graph API” (graphapi) extension is present. In Docker deployments built from February 2023 onwards, the vulnerable graphapi component is present by default; in manual installations it is not present by default.
Searching for ownCloud via Shodan indicates there are at least 12,320 instances on the internet (as of Dec 1, 2023). It is unknown how many of these are currently vulnerable.
File transfer and sharing platforms have come under attack from ransomware groups in the past, which makes an exposed ownCloud instance a target of particular concern. On November 30, 2023, CISA added CVE-2023-49103 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors have begun exploiting this vulnerability in the wild. Rapid7 Labs had observed exploit attempts against at least three customer environments at the time of writing.
## Vulnerability Details
The vulnerability allows an unauthenticated attacker to leak sensitive information via the output of the PHP function `phpinfo` by requesting the URI endpoint `/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php`. The output includes the web server's environment variables, which may hold secrets such as the user names and passwords supplied to ownCloud; when ownCloud is deployed via Docker, it is common practice to pass secrets via environment variables. Because the script is shipped as a file inside the app's vendor directory, simply disabling the graphapi app does not eliminate the vulnerability.
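To make the impact concrete, here is an added triage helper (not the repository's `PoC.py` and not ownCloud code) that takes an already captured response body, confirms it is `phpinfo()` output, pulls the rows out of its `Environment` table and flags the variable names that look like credentials. The sample body is constructed for this example: it mimics the `<td class="e">` name / `<td class="v">` value row layout that `phpinfo()` renders, the variable names are modelled on the ownCloud Docker image's configuration variables, and every value is invented.

```python
"""Triage a captured phpinfo() response for leaked environment secrets.

Added example for this page; not the repo's PoC and not ownCloud code.
Runs offline on a response body you already hold; no requests are made.
"""
import html
import re

# Constructed sample shaped like the "Environment" table of phpinfo() output
# in a containerized ownCloud deployment. Names and values are made up.
SAMPLE_PHPINFO = """<!DOCTYPE html><html><head><title>phpinfo()</title></head><body>
<h1 class="p">PHP Version 7.4.33</h1>
<h2>Environment</h2>
<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">HOSTNAME </td><td class="v">owncloud-app </td></tr>
<tr><td class="e">OWNCLOUD_ADMIN_USERNAME </td><td class="v">admin </td></tr>
<tr><td class="e">OWNCLOUD_ADMIN_PASSWORD </td><td class="v">Tr0ub4dor&amp;3 </td></tr>
<tr><td class="e">OWNCLOUD_MAIL_SMTP_PASSWORD </td><td class="v">mailpass </td></tr>
<tr><td class="e">OWNCLOUD_LICENSE_KEY </td><td class="v">XXXX-YYYY </td></tr>
<tr><td class="e">PATH </td><td class="v">/usr/local/bin:/usr/bin </td></tr>
</table>
</body></html>"""

# One phpinfo() table row: name cell (class "e") followed by value cell (class "v").
ROW_RE = re.compile(
    r'<td class="e">\s*(?P<name>[^<]+?)\s*</td>\s*<td class="v">\s*(?P<value>[^<]*?)\s*</td>',
    re.IGNORECASE,
)
# Name fragments that usually mark a credential, token or license.
SENSITIVE_RE = re.compile(r"(PASS|SECRET|TOKEN|KEY|LICENSE|CREDENTIAL)", re.IGNORECASE)


def is_phpinfo(body: str) -> bool:
    """Cheap check that the body is phpinfo() output rather than an error page."""
    return "phpinfo()" in body and "PHP Version" in body


def extract_env(body: str) -> dict:
    """Return name -> value for every row of the Environment table only."""
    start = body.find("<h2>Environment</h2>")
    if start == -1:
        return {}
    # Stop at the end of that table so PHP ini settings further down are not mixed in.
    end = body.find("</table>", start)
    section = body[start:end if end != -1 else None]
    return {html.unescape(m["name"]): html.unescape(m["value"]) for m in ROW_RE.finditer(section)}


def leaked_secrets(body: str) -> dict:
    """Environment variables whose names look like credentials, or {} if not phpinfo."""
    if not is_phpinfo(body):
        return {}
    return {k: v for k, v in extract_env(body).items() if SENSITIVE_RE.search(k)}


if __name__ == "__main__":
    # Print masked values so the triage output itself does not become a second leak.
    for name, value in leaked_secrets(SAMPLE_PHPINFO).items():
        print(f"{name} = {value[:2]}{'*' * max(len(value) - 2, 0)}")
```

Any variable this reports should be treated as compromised and rotated, since the same page is readable by anyone who can reach the endpoint; the remaining rows are still worth a look, because phpinfo also discloses paths, module versions and ini settings useful for follow-on attacks.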
It was initially thought that Docker installations of ownCloud were not exploitable. However, Rapid7 researchers confirmed that it is possible to exploit vulnerable Docker-based installations of ownCloud by modifying the requested URI to bypass the existing Apache web server’s rewrite rules, allowing the target URI endpoint to be successfully reached.
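Because the URI can be varied to get past the rewrite rules, a detection rule that matches the exact path will miss real attempts. The added example below (not part of the repository) scans Apache combined-format access logs for any request whose decoded path contains the GetPhpInfo.php script path, regardless of query string, percent-encoding, letter case or trailing suffix, and separates hits that returned 200 (the script was reached, so the environment must be treated as exposed) from attempts that were blocked. The log lines are constructed for this example; the IP addresses, timestamps and the particular URI variants shown are illustrative, not a list of known bypass strings.

```python
"""Scan access logs for probes of the CVE-2023-49103 GetPhpInfo.php endpoint.

Added example for this page, not part of the repository. Log lines are
constructed in Apache combined log format with invented IPs and timestamps.
"""
import re
from urllib.parse import unquote, urlsplit

# Path of the exposed script, taken from the advisory text above.
VULN_PATH = "/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# Apache combined log format: ip ident user [time] "method uri proto" status size ...
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one benign request, then several probe variants.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Dec/2023:10:15:02 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Dec/2023:10:16:40 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 87456 "-" "python-requests/2.31"
198.51.100.7 - - [01/Dec/2023:10:16:41 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/extra HTTP/1.1" 200 87456 "-" "python-requests/2.31"
198.51.100.8 - - [01/Dec/2023:10:17:05 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php?x=1 HTTP/1.1" 404 210 "-" "curl/8.4"
203.0.113.11 - - [01/Dec/2023:10:18:00 +0000] "GET /apps/graphapi/%76endor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 87456 "-" "curl/8.4"
"""


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def normalized_path(uri: str) -> str:
    """Decoded, lower-cased path with the query string dropped."""
    return unquote(urlsplit(uri).path).lower()


def is_getphpinfo_probe(uri: str) -> bool:
    """True if the request path contains the vulnerable script path.

    Substring match on the normalized path on purpose: the advisory says the
    URI can be modified to get around the Apache rewrite rules, so an exact
    match would miss suffixed, encoded or otherwise altered variants.
    """
    return VULN_PATH.lower() in normalized_path(uri)


def find_probes(log_text: str) -> list:
    """Return (ip, status, decoded_path) for every request hitting the script."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_getphpinfo_probe(rec["uri"]):
            hits.append((rec["ip"], int(rec["status"]), unquote(urlsplit(rec["uri"]).path)))
    return hits


def likely_exposed(hits: list) -> list:
    """Hits that returned 200: the script served a response, so assume the
    environment variables (and everything else phpinfo shows) were read."""
    return [h for h in hits if h[1] == 200]


if __name__ == "__main__":
    probes = find_probes(SAMPLE_LOG)
    for ip, status, path in probes:
        print(f"{ip} {status} {path}")
    print(f"{len(likely_exposed(probes))} of {len(probes)} probes returned 200")
```

Run it against the real access log rather than the sample to get a per-source-IP list of attempts; the 200 hits are the ones that justify rotating the admin password, mail credentials and license key named in the advisory, and a 404 on a probe only shows that one variant was blocked, not that the instance is patched.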
File Snapshot
[4.0K] /data/pocs/1d5b218206d444b5810d07a2afcbd6bddf7aa766
├── [1007] PoC.py
└── [2.5K] README.md
0 directories, 2 files