Closed enferas closed 2 years ago
Thank you for the confirmation.
CVE-2021-43683 is assigned to this discovery.
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].
Do you have a PoC? I can't reproduce it, as it will just say "file not found" if an invalid hash is supplied.
Thank you for your response.
Specific values can pass the json_encode. This example gives an alert for me.
```php
<?php
$output = ["A"=>"<img src='#' onerror=alert(1)>","B"=>"Safe"];
echo json_encode($output);
```
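An added example, not part of the thread and not PictShare's code: it puts the default `json_encode` output next to a hardened JSON response for the reflected-value case discussed here. The helper names (`jsonBody`, `sendJson`, `cleanHash`) and the allowed hash pattern are assumptions made for illustration.

```php
<?php
// Added example. Helper names and the hash pattern are hypothetical.

// Encode with <, >, &, ' and " written as \uXXXX escapes, so the body
// contains no markup even if something renders it as HTML.
function jsonBody(array $data): string
{
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Send the body as JSON, not as PHP's default text/html, and stop the
// browser from sniffing it into another type.
function sendJson(array $data, int $status = 200): void
{
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo jsonBody($data), PHP_EOL;
}

// Accept only values shaped like a stored file name (assumed format).
function cleanHash(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Constructed input standing in for $_REQUEST['hash'].
$raw = "<img src='#' onerror=alert(1)>";

// Error path: the rejected value is never echoed back to the client.
// A real handler would exit after this call.
if (cleanHash($raw) === null) {
    sendJson(['status' => 'err', 'reason' => 'invalid hash'], 400);
}

// Side-by-side comparison of the two encodings for the same payload.
$payload = ['A' => $raw, 'B' => 'Safe'];
echo 'default:  ', json_encode($payload), PHP_EOL;
echo 'hardened: ', jsonBody($payload), PHP_EOL;
```

With the default flags the `<img ...>` string is emitted unchanged, which is why it executes when the response is rendered as `text/html`; either the hex flags or the JSON content type alone closes that path, and using both covers clients that ignore the header.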
You do realize that the bug was fixed 3 years before you opened the CVE, right? Pictshare 1.5 was released in 2018
@geek-at it would be better if you added releases on this repo, so people can easily ask questions and open issues.
I'm open to pull requests if you want to automate it on every push. At the moment the "releases" are basically what's on docker hub.
I find rolling updates more suitable for a project of this scope because it's easier to manage and faster to update with a git pull if you don't want to use the docker image.
Hello,
I would like to report an XSS vulnerability
in api/info.php,
function getInfoAboutHash,
line 15.
The exit function will terminate the script and print the message which has $_REQUEST['hash']. So there is an XSS vulnerability.