Ben Phelps Posted June 12, 2007 Share Posted June 12, 2007 The site is just starting out, and I hope it will continue to get bigger. I am just worried about the level of security. Please try to hack, exploit, inject, and anything else you can think of. Just don't crash the site completely, it's live. If you do find some holes please tell me how you did it so I can fix them. http://primaryupload.com/ Link to comment Share on other sites More sharing options...
agentsteal Posted June 12, 2007 Share Posted June 12, 2007 Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting if you submit code in the drop down menu in Step 2. Cross Site Scripting: There is Cross Site Scripting if your email address contains code. Cross Site Scripting: There is Cross Site Scripting on the 404 page. http://www.primaryupload.com/<marquee><h1>vulnerable</marquee> Drop Down Menu: If you edit the drop down menu in Step 2 you can submit arbitrary values. Null User: You can register a null FileKey. Link to comment Share on other sites More sharing options...
Ben Phelps Posted June 12, 2007 Author Share Posted June 12, 2007 I have fixed the xss problems. But If the filename has special characters or already exists, the download link should work. http://primaryupload.com/a▒ª∟╨²u→ù╨I╖.bat and if you upload a file with the same name it will add a random 3 digit number to the file name. Thanks for the help so far. Link to comment Share on other sites More sharing options...
Wireless102 Posted June 12, 2007 Share Posted June 12, 2007 XSS on the step #2 select Link to comment Share on other sites More sharing options...
killerbng Posted July 4, 2007 Share Posted July 4, 2007 got banned from site checkign out the marquee link just to see what it looked liek LOL nice 1 me Link to comment Share on other sites More sharing options...
jellis Posted July 6, 2007 Share Posted July 6, 2007 There's obviously no data validation on the email input... quite possibly the other inputs too. You're game... very game. Link to comment Share on other sites More sharing options...
LiamProductions Posted July 6, 2007 Share Posted July 6, 2007 I think the site could go far. but when you upload your image url should come up at the end instead of going into email... and maybe one day you could make a login area so users can find there images quick Link to comment Share on other sites More sharing options...
Trium918 Posted July 7, 2007 Share Posted July 7, 2007 What is the purpose of the primary upload? Link to comment Share on other sites More sharing options...
php_tom Posted July 13, 2007 Share Posted July 13, 2007 If you go to http://primaryupload.com/media/process.php you get a bunch of errors that give the user a pretty good idea of how your 'process.php' script works... Probably the best way to fix it is to change the index file in /media/ to something else... or you could turn off error messages... BTW I like how short you were able to make the 'process' script! Link to comment Share on other sites More sharing options...
LiamProductions Posted July 15, 2007 Share Posted July 15, 2007 I like how the site has 3 Servers running off it for image uploading. So if one server is down you can use another one Link to comment Share on other sites More sharing options...
Recommended Posts