## https://sploitus.com/exploit?id=037522CA-054F-53F7-B556-E1D62910EF30
<div align="center">


 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**


[![Twitter](https://img.shields.io/badge/Twitter-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/Itsd0r)
</div>
# Exploit for CVE-2023-49103

## Background

ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability that affects ownCloud when a vulnerable extension called “Graph API” (graphapi) is present. If ownCloud has been deployed via Docker from February 2023 onwards, this vulnerable graphapi component is present by default. If ownCloud has been installed manually, the graphapi component is not present by default.

Searching for ownCloud via Shodan indicates there are at least 12,320 instances on the internet (as of Dec 1, 2023). It is unknown how many of these are currently vulnerable.

File transfer and sharing platforms have come under attack from ransomware groups in the past, which makes ownCloud, itself a file sharing platform, a target of particular concern. On November 30, 2023, CISA added CVE-2023-49103 to its Known Exploited Vulnerabilities (KEV) list, indicating threat actors have begun to exploit this vulnerability in the wild. Rapid7 Labs has observed exploit attempts against at least three customer environments as of writing this blog.

## Vulnerability Details

The vulnerability allows an unauthenticated attacker to leak sensitive information via the output of the PHP function `phpinfo`, when targeting the URI endpoint `/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php`. This output will include environment variables which may hold secrets, such as user names or passwords that are supplied to the ownCloud system. Specifically, when ownCloud is deployed via Docker, it is common practice to pass secrets via environment variables.

It was initially thought that Docker installations of ownCloud were not exploitable. However, Rapid7 researchers confirmed that it is possible to exploit vulnerable Docker-based installations of ownCloud by modifying the requested URI to bypass the existing Apache web server’s rewrite rules, allowing the target URI endpoint to be successfully reached.
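
For defenders, the following is an added example (not part of the original write-up or of ownCloud's code) that reviews web server access logs for requests reaching the endpoint named above, normalizing each URI first so that encoded or modified forms are still flagged. It assumes Apache common/combined log format; the log lines and the names `find_hits` and `normalize` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint path as given in the advisory text, lower-cased for comparison.
ENDPOINT = "/apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php"

# Apache common/combined prefix: host ident user [time] "METHOD URI PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Undo percent-encoding (two passes, for double encoding), collapse
    repeated slashes and lower-case. Logs record the URI as sent, not as resolved."""
    for _ in range(2):
        uri = unquote(uri)
    return re.sub(r"/{2,}", "/", uri).lower()

def find_hits(lines):
    """Return one record per request whose normalized URI contains ENDPOINT.
    Substring matching tolerates a sub-directory install prefix and anything
    appended after the script name (extra path segments, query strings)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and ENDPOINT in normalize(m["uri"]):
            hits.append({
                "ip": m["ip"], "time": m["time"], "uri": m["uri"],
                # A 200 suggests phpinfo output was returned, so secrets held
                # in environment variables should be treated as exposed.
                "served": m["status"] == "200",
            })
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Dec/2023:10:15:02 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 196',
    '198.51.100.7 - - [01/Dec/2023:10:15:04 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo%2Ephp?x=1 HTTP/1.1" 200 81234',
    '203.0.113.20 - - [01/Dec/2023:10:16:00 +0000] "GET /status.php HTTP/1.1" 200 155',
    '192.0.2.44 - - [01/Dec/2023:10:17:30 +0000] "GET /owncloud//apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for h in find_hits(SAMPLE):
        print(h["time"], h["ip"], "SERVED" if h["served"] else "blocked", h["uri"])
```

Any hit marked as served warrants rotating the credentials that were passed to the container through environment variables, since the `phpinfo` output includes them.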