Comments (7)
Cannot confirm, because the script will return {"status":"err","reason":"File not found"} if the hash is invalid (see here, because of line 17).
But I did find another small bug: if you leave the hash variable out, it was telling you the size of the data folder.
Thanks!
Thank you for the confirmation.
CVE-2021-43683 is assigned to this discovery.
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message, which contains $_REQUEST['hash'].
Do you have a PoC because I can't reproduce as it will just say "file not found" if an invalid hash is supplied
Thank you for your response.
Specific values can pass through json_encode.
This example gives an alert for me.

```php
<?php
// json_encode() does not escape HTML-significant characters by default, so when
// this output is rendered as text/html the <img> tag's onerror handler fires.
$output = ["A" => "<img src='#' onerror=alert(1)>", "B" => "Safe"];
echo json_encode($output);
```
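To make the mechanism concrete from the defender's side, here is an added example (not pictshare's code) that contrasts the reflected pattern described in the report with a hardened error response. It assumes a constructed `$hash` value standing in for `$_REQUEST['hash']` and that the endpoint is free to set its own response headers.

```php
<?php
// Added example, not code from pictshare. Shows why the PoC above is parsed as
// markup and how the same JSON error can be returned without that risk.

// Constructed value standing in for $_REQUEST['hash'] (the payload from the PoC).
$hash = "<img src='#' onerror=alert(1)>";

// Reflected pattern: json_encode() leaves < > ' " & untouched, and with no
// Content-Type header PHP answers as text/html, so a browser opening the URL
// directly treats the reflected value as HTML.
function info_error_unsafe(string $hash): string
{
    return json_encode(["status" => "err", "reason" => "File not found", "hash" => $hash]);
}

// Hardened pattern: the JSON_HEX_* flags turn HTML-significant characters into
// \uXXXX escapes. API clients still decode them to the original string, but the
// body no longer contains anything a browser could parse as a tag or attribute.
// Better still, validate the hash against its expected format and do not
// reflect it at all; the escaping below is the safety net for when it is.
function info_error_safe(string $hash): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode(["status" => "err", "reason" => "File not found", "hash" => $hash], $flags);
}

// Second layer: declare the body as JSON and forbid MIME sniffing, so even an
// unescaped value would not be interpreted as an HTML document by the browser.
// Headers must be sent before any output, so nothing is echoed before this call.
function send_json(string $body): void
{
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    exit($body);   // same exit()-with-message shape that the report describes
}

$unsafe = info_error_unsafe($hash);   // body still contains the literal <img ...> tag
$safe   = info_error_safe($hash);     // body contains no raw < > ' " characters
send_json($safe);
```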
You do realize that the bug was fixed 3 years before you opened the CVE, right? Pictshare 1.5 was released in 2018
@geek-at it would be better if you added releases to this repo, so people can easily ask questions and open issues.
I'm open to pull requests if you want to automate it on every push. At the moment the "releases" are basically what's on Docker Hub.
I find rolling updates more suitable for a project of this scope, because it's easier to manage and faster to update with a git pull if you don't want to use the Docker image.