[GH-ISSUE #133] Possible XSS vulnerability #488

New issue

Closed

opened 2026-02-27 12:45:11 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 12:45:11 +03:00

Owner

Originally created by @enferas on GitHub (Nov 11, 2021).
Original GitHub issue: https://github.com/HaschekSolutions/pictshare/issues/133

Hello,

I would like to report for XSS vulnerability.

in api/info.php

function getInfoAboutHash

function getInfoAboutHash($hash)
{
    // ...
        
    return array('hash'=>$hash,'size_bytes'=>$size,'size_interpreted'=>$size_hr,'type'=>$type,'type_interpreted'=>getTypeOfFile($file));
}

line 15

$hash = $_REQUEST['hash'];
// ...
    $answer = getInfoAboutHash($hash);
    $answer['status'] = 'ok';
    exit(json_encode($answer));
// ...

exit function will terminate the script and print the message which has $_REQUEST['hash'].
Then there is XSS vulnerability.

Originally created by @enferas on GitHub (Nov 11, 2021). Original GitHub issue: https://github.com/HaschekSolutions/pictshare/issues/133 Hello, I would like to report for XSS vulnerability. in api/info.php function getInfoAboutHash ```php function getInfoAboutHash($hash) { // ... return array('hash'=>$hash,'size_bytes'=>$size,'size_interpreted'=>$size_hr,'type'=>$type,'type_interpreted'=>getTypeOfFile($file)); } ``` line 15 ```php $hash = $_REQUEST['hash']; // ... $answer = getInfoAboutHash($hash); $answer['status'] = 'ok'; exit(json_encode($answer)); // ... ``` exit function will terminate the script and print the message which has $_REQUEST['hash']. Then there is XSS vulnerability.