
New Uploading Site: Uqload.com

  • This topic is locked
13 replies to this topic

#1 Lukeidiot


Posted 08 October 2012 - 02:15 AM

Hey guys,

I just made a new upload site and would love for you guys to test it for me!

Here is the site: http://uqload.com

Do your best!

Thanks!
Luke
Uqload.com

Languages: PHP / MySQL
Website: Lukeidiot.com


#2 Philip


Posted 08 October 2012 - 03:38 AM

Waiting on verification link from OP.

Confirmed OP

Edited by Philip, 08 October 2012 - 04:27 AM.


#3 Coreye


Posted 08 October 2012 - 05:34 AM

If you start uploading a file and you leave the page before it's finished, it'll say the file uploaded under "Your Uploads", but the file doesn't exist when you try to view it.


Edited by Coreye, 08 October 2012 - 05:36 AM.

PHP Help Center - PHP Help and Security Testing.  :)


#4 kicken


Posted 08 October 2012 - 09:43 AM

The front page allows you to select multiple files, and even lists them out, but it only successfully uploads the first file; the rest seem to be ignored. Tested in Firefox and Chrome.
Did I help you out? Feeling generous? I accept tips via Bitcoin @ 14mDxaob8Jgdg52scDbvf3uaeR61tB2yC7
Kicken's World⦄ ⦃Recycle old CD's

#5 MDCode


Posted 08 October 2012 - 12:38 PM

This isn't really a big issue, but when logging in with invalid credentials, the error message seems a bit annoying. The placement and color do not match the site imo. Also it gets overlapped by "Login:"

#6 darkfreaks


Posted 09 October 2012 - 04:56 AM

XSS Found:

URL encoded POST input username was set to '"()&%1<ScRiPt >prompt(919175)</ScRiPt>


Solution: use proper validation for username including regex and htmlspecialchars().

#7 Lukeidiot


Posted 11 October 2012 - 02:49 AM

Thanks for the input guys. I will fix accordingly. :)

@darkfreaks, I have added a block to Acunetix if the browser referrer contains the word. This is just to block threats. (If you used Acunetix and it's not working anymore, that is the reason why.) I say this because I am aware Acunetix uses that particular XSS test.



#8 kicken


Posted 11 October 2012 - 03:15 AM

> @darkfreaks, I have added a block to Acunetix if the browser referrer contains the word. This is just to block threats. (If you used Acunetix and it's not working anymore, that is the reason why.) I say this because I am aware Acunetix uses that particular XSS test.


Blocking the testing tool is not the way to pass the test. You pass the test by fixing your site so that it is not vulnerable to XSS anymore. You need to make sure you use htmlentities() when you output user-entered data.



Did I help you out? Feeling generous? I accept tips via Bitcoin @ 14mDxaob8Jgdg52scDbvf3uaeR61tB2yC7
Kicken's World⦄ ⦃Recycle old CD's
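
An added example, not part of any post in this thread and not the site's own code: it contrasts the Referer-based scanner block described in post #7 with encoding at output as advised in posts #6 and #8, using the payload quoted in post #6. The function names, the HTML fragment and the sample Referer value are hypothetical.

```php
<?php
// Added example; all function names and the HTML fragment are hypothetical.

// Probe string quoted in post #6, as it would arrive in the "username" POST field.
$username = '\'"()&%1<ScRiPt >prompt(919175)</ScRiPt>';

// Approach from post #7: reject requests whose Referer names the scanner.
// The Referer header is chosen by the client, so this inspects the sender,
// not the input that ends up in the page.
function referer_blocked(string $referer): bool
{
    return stripos($referer, 'acunetix') !== false;
}

// Vulnerable output: the submitted value is concatenated into HTML unchanged.
function login_error_unsafe(string $name): string
{
    return '<p class="error">Unknown user: ' . $name . '</p>';
}

// Fixed output: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes single quotes, which matters inside attributes;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function login_error_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">Unknown user: ' . $encoded . '</p>';
}

// Constructed sample: the same input sent with an ordinary Referer.
$referer = 'http://uqload.com/';

// Was the request rejected by the Referer check?
var_dump(referer_blocked($referer));

// Does a live <ScRiPt> tag reach the page in each variant?
var_dump(strpos(login_error_unsafe($username), '<ScRiPt') !== false);
var_dump(strpos(login_error_safe($username), '<ScRiPt') !== false);

// The encoded fragment as the browser would receive it.
echo login_error_safe($username), PHP_EOL;
```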

#9 Lukeidiot


Posted 18 August 2013 - 06:33 AM

I have completely redone everything! Please retest! :)




#10 Irate


Posted 18 August 2013 - 01:55 PM

Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser.

Edit: more important, the whole upload function does not work on a mobile browser.

Edited by Irate, 18 August 2013 - 02:00 PM.

Quod placet mihi non placeat tibi. - What I think to be good must not always equal your perception of it.

I am not perfect. I try a lot with the code I provide and I don't guarantee for it to work as I have mostly no option to test it on my mobile phone. I do apologize for any inconvenience I caused, but if I do happen to have helped, liking my posts or marking them as to have solved or answered your question would be nice.

#11 Lukeidiot


Posted 18 August 2013 - 06:03 PM

> Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser.
>
> Edit: more important, the whole upload function does not work on a mobile browser.

It seems to be working on iPhone Chrome and Safari, as well as Android.




#12 ignace


Posted 18 August 2013 - 06:27 PM

Your website is flagged by my antivirus as harmful.

http://browsingprote...p://uqload.com/

Edited by ignace, 18 August 2013 - 06:29 PM.


#13 Lukeidiot


Posted 19 August 2013 - 01:06 AM

> Your website is flagged by my antivirus as harmful.
>
> http://browsingprote...p://uqload.com/

Yeah, I guess people uploaded some questionable files (which have since been removed).




#14 QuickOldCar


Posted 18 October 2013 - 12:22 AM

This domain name expired on Oct 02 2013 08:53PM





