
This topic is now archived and is closed to further replies.

Lukeidiot

New Uploading Site: Uqload.com


Hey guys,

I just made a new upload site and would love for you guys to test it for me!

Here is the site: http://uqload.com

Do your best!

Thanks!

Luke

Uqload.com


Waiting on verification link from OP.

Confirmed OP


If you start uploading a file and you leave the page before it's finished it'll say the file uploaded under "Your Uploads" but the file doesn't exist when you try to view it.

The front page allows you to select multiple files, and even lists them out, but it only successfully uploads the first file, the rest seem to be ignored. Tested in Firefox and Chrome.


This isn't really a big issue, but when logging in with invalid credentials, the error message seems a bit annoying. The placement and color do not match the site imo. Also it gets overlapped by "Login:"


XSS Found:

URL encoded POST input username was set to '"()&%1<ScRiPt >prompt(919175)</ScRiPt>

Solution: use proper validation for username including regex and htmlspecialchars().


Thanks for the input guys. I will fix accordingly. :)

@darkfreaks, I have added a block to Acunetix if the browser referrer contains the word. This is just to block threats. (If you used Acunetix and it's not working anymore, that is the reason why.) I say this because I am aware Acunetix uses that particular XSS test.


@darkfreaks, I have added a block to Acunetix if the browser referrer contains the word. This is just to block threats. (If you used Acunetix and it's not working anymore, that is the reason why.) I say this because I am aware Acunetix uses that particular XSS test.

Blocking the testing tool is not the way to pass the test. You pass the test by fixing your site so that it is not vulnerable to XSS anymore. You need to make sure you use htmlentities() when you output user-entered data.
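
The fix the reply above describes, as an added example (not part of the original thread and not the site's code): the reported username value rendered with and without output encoding, next to a Referer check like the one described. The function names, the form markup and the username pattern are assumptions.

```php
<?php
// Constructed sample input: the username value quoted in the XSS report above.
$username = '\'"()&%1<ScRiPt >prompt(919175)</ScRiPt>';

// Vulnerable pattern (assumed): the POST value is echoed back into the form as-is.
function render_unsafe(string $username): string {
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened: encode at output time. ENT_QUOTES encodes both quote styles,
// so the value cannot close the attribute or open a new tag.
function render_safe(string $username): string {
    $escaped = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $escaped . '">';
}

// Input validation as a second layer (hypothetical username policy).
function is_valid_username(string $username): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username) === 1;
}

// Scanner block as described in the thread (assumed implementation):
// it inspects only the Referer header, never the submitted value.
function blocked_by_referer(array $server): bool {
    return stripos($server['HTTP_REFERER'] ?? '', 'acunetix') !== false;
}

// Constructed request metadata: the same value submitted from the site's own form.
$server = ['HTTP_REFERER' => 'http://uqload.com/'];

// Run all four checks against the same input and compare the results.
var_dump(blocked_by_referer($server));
var_dump(is_valid_username($username));
echo render_unsafe($username), PHP_EOL;
echo render_safe($username), PHP_EOL;
```

The Referer check never looks at the submitted value, so it has no bearing on whether the page is injectable; the encoding in `render_safe()` is what changes the output.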

Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser.

Edit: more important, the whole upload function does not work on a mobile browser.

Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser.

Edit: more important, the whole upload function does not work on a mobile browser.

It seems to be working on iPhone Chrome, and Safari. As well as Android.
