Lukeidiot Posted October 8, 2012 Share Posted October 8, 2012 Hey guys, I just made a new upload site and would love for you guys to test it for me! Here is the site: http://uqload.com Do your best! Thanks! Luke Uqload.com Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/ Share on other sites More sharing options...
Philip Posted October 8, 2012 Share Posted October 8, 2012 (edited) Waiting on verification link from OP. Confirmed OP Edited October 8, 2012 by Philip Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1383616 Share on other sites More sharing options...
Coreye Posted October 8, 2012 Share Posted October 8, 2012 (edited) If you start uploading a file and you leave the page before it's finished it'll say the file uploaded under "Your Uploads" but the file doesn't exist when you try to view it. Edited October 8, 2012 by Coreye Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1383627 Share on other sites More sharing options...
kicken Posted October 8, 2012 Share Posted October 8, 2012 The front page allows you to select multiple files, and even lists them out, but it only successfully uploads the first file, the rest seem to be ignored. Tested in Firefox and Chrome. Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1383646 Share on other sites More sharing options...
MDCode Posted October 8, 2012 Share Posted October 8, 2012 This isn't really a big issue, but when logging in with invalid credentials, the error message seems a bit annoying. The placement and color do not match the site imo. Also it gets overlapped by "Login:" Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1383659 Share on other sites More sharing options...
darkfreaks Posted October 9, 2012 Share Posted October 9, 2012 XSS Found: URL encoded POST input username was set to '"()&%1<ScRiPt >prompt(919175)</ScRiPt> Solution: use proper validation for username including regex and htmlspecialchars(). Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1383873 Share on other sites More sharing options...
Lukeidiot Posted October 11, 2012 Author Share Posted October 11, 2012 Thanks for the input guys. I will fix accordingly. @darkfreaks, I have added a block to acunetix if the browser referrer contains the word. This is just to block threats (If you used acunetix and its not working anymore, that is the reason why) I say this because I am aware acunetix uses that particular XSS test. Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1384389 Share on other sites More sharing options...
kicken Posted October 11, 2012 Share Posted October 11, 2012 @darkfreaks, I have added a block to acunetix if the browser referrer contains the word. This is just to block threats (If you used acunetix and its not working anymore, that is the reason why) I say this because I am aware acunetix uses that particular XSS test. Blocking the testing tool is not the way to pass the test. You pass the test by fixing your site so that it is not vulnerable to XSS anymore. You need to make sure you use htmlentities() when you output user-entered data. Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1384395 Share on other sites More sharing options...
Lukeidiot Posted August 18, 2013 Author Share Posted August 18, 2013 I have completely redone everything! Please re test! Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1445586 Share on other sites More sharing options...
Irate Posted August 18, 2013 Share Posted August 18, 2013 (edited) Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser. Edit: more important, the whole upload function does not work on a mobile browser. Edited August 18, 2013 by Irate Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1445626 Share on other sites More sharing options...
Lukeidiot Posted August 18, 2013 Author Share Posted August 18, 2013 Support button not functioning on mobile browser, tested with Sony Ericsson Xperia Arc S on default browser. Edit: more important, the whole upload function does not work on a mobile browser. It seems to be working on iPhone Chrome, and Safari. As well as Andriod. Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1445670 Share on other sites More sharing options...
ignace Posted August 18, 2013 Share Posted August 18, 2013 (edited) Your website is flagged by my antivirus as harmful. http://browsingprotection.f-secure.com/swp/result?url=http%3A%2F%2Fuqload.com%2F Edited August 18, 2013 by ignace Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1445674 Share on other sites More sharing options...
Lukeidiot Posted August 19, 2013 Author Share Posted August 19, 2013 Your website is flagged by my antivirus as harmful. http://browsingprotection.f-secure.com/swp/result?url=http%3A%2F%2Fuqload.com%2F Yeah I guess people uploaded some questionable files. (which have since been removed.) Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1445717 Share on other sites More sharing options...
QuickOldCar Posted October 18, 2013 Share Posted October 18, 2013 This domain name expired on Oct 02 2013 08:53PM Link to comment https://forums.phpfreaks.com/topic/269207-new-uploading-site-uqloadcom/#findComment-1454372 Share on other sites More sharing options...
Recommended Posts