NapalM
Junior Poster
Posts: 40
Post by NapalM on Feb 3, 2011 0:22:40 GMT
UPLOADD.in

Rethink Uploading! Introducing: Uploadd.in! Customizable, Simplistic, and FREE uploading like you have never used before. Build your own upload website OR create your own personal backup/upload galore! Some call us "The PROBOARDS of UPLOADING." or "The SAVIOR from CONTROLLING UPLOAD/BACK UP COMPANIES!."

FREE ACCOUNTS (basic)
- 1 GB Free of space
- 200 TOTAL uploads
- Advertisement supported
- FREE back-up tools
- FREE Header Footer
- FREE Configuration Settings
- FREE Upload management tools + MORE!

SILVER ACCOUNTS ($5 a month)
- 5 GB Free of space
- 500 TOTAL uploads
- Advertisement Free
- FREE back-up tools
- FREE Header Footer
- FREE Configuration Settings
- FREE Upload management tools + MORE!

GOLD ACCOUNTS ($10 a month)
- 10 GB Free of space
- 500 TOTAL uploads
- Advertisement Free
- Advanced Support
- FREE back-up tools
- FREE Header Footer
- FREE Configuration Settings
- FREE Upload management tools + MORE!
xcessive
Epic Poster
Posts: 526
Post by xcessive on Feb 3, 2011 1:15:48 GMT
You should probably let people know you spam their accounts with ads and only allow 3 file types. Also, your email validation system is broken, not to mention you send incorrect links that 404.
NapalM
Junior Poster
Posts: 40
Post by NapalM on Feb 3, 2011 1:31:34 GMT
I spam their accounts? wtf? I clearly state that free accounts are advertisement supported. 2 ads on their site, and 1 on the main dashboard.
I give each account the option to set the uploads to WHATEVER they want. ON DEFAULT I believe it's set to allow 4? types. jpg, png, bmp and gif I believe it's set to. The only file types that I block from being uploaded are php extensions, and other harmful types to the server.
The validation system works fine. Every account is activated but one. Can I have your account name?
What links are broken to a 404? EDIT: I see what missing link you are talking about... for the URL, right? I forgot an s in the URL. Thank you for pointing that out.
xcessive
Epic Poster
Posts: 526
Post by xcessive on Feb 3, 2011 1:45:36 GMT
Your validation system does not work fine. You can't have done thorough testing. It fails to send me a validation code when I use a temporary email. Here's the email: "You again... Lets not loose the code this time. k? tnx. Please just Confirm Your Email and we are ready to go!"
"ON DEFAULT" you only allow .jpg, .gif, and .png; is it weird that I know that and you don't? Although, due to your poor security and light server side checking, I found a way to upload any file type barring (so far) .php and .pl. GIFAR seems to work; I wonder if raw "ar" (clever play on words here) files will. If they do, that means anyone can upload a trojan, or ANY program, via any upload port.
Not to mention the ability to bypass file checking means all of your users can have people uploading whatever they want no matter what settings they choose.
Also, what I meant was you did not tell people HERE in this ad that you spam their free accounts with ads. You might want to do that lest more people complain. Also, I don't count having a subtext in 6pt font saying "* All free accounts are limited to 200 uploads per account, and are advertisement supported. Once registered, you may upgrade your account within the control panel." clearly stated.
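The post above is about an upload slot that trusts the client's file-type setting and so accepts a GIFAR (a valid GIF with a ZIP/JAR archive appended). The following is an added illustration of the server-side gate that would catch it; it is not Uploadd.in's code, and `check_upload`, `stored_name` and the constructed sample bytes are all assumptions made for this example.

```python
# Added example, not the site's code: a server-side gate for an image-only
# upload slot that ignores the client's filename, extension and MIME type.
import io
import os
import secrets
import zipfile

# Per-extension magic bytes a file must start with to be accepted as that type.
ALLOWED_MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",  # both GIF87a and GIF89a
}

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). The declared extension, the leading magic
    bytes and the absence of an archive trailer must all agree."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_MAGIC:
        return False, "extension not in allowlist"
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return False, "content does not match declared type"
    # A GIFAR is found by ZIP readers via the end-of-central-directory record
    # at the tail of the file, which is exactly what zipfile.is_zipfile checks.
    if zipfile.is_zipfile(io.BytesIO(data)):
        return False, "embedded ZIP/JAR archive (GIFAR-style polyglot)"
    return True, "ok"

def stored_name(ext: str) -> str:
    """Server-generated on-disk name: the user-supplied filename is never used."""
    return f"{secrets.token_hex(16)}.{ext}"

def make_gifar_sample() -> bytes:
    """Constructed test input: a GIF header followed by a real one-entry ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", "payload placeholder")
    return b"GIF89a" + b"\x00" * 8 + buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("cat.gif", b"GIF89a" + b"\x00" * 8),
                       ("cat.gif", make_gifar_sample()),
                       ("shell.php", b"<?php"),
                       ("shell.gif", b"<?php")]:
        print(name, check_upload(name, blob))
```

A real deployment would also re-encode accepted images and serve them from a host that never executes uploaded content, so that even an undetected polyglot cannot run.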
NapalM
Junior Poster
Posts: 40
Post by NapalM on Feb 3, 2011 2:16:58 GMT
> Your validation system does not work fine. You can't have done thorough testing. It fails to send me a validation code when I use a temporary email. Here's the email: "You again... Lets not loose the code this time. k? tnx. Please just Confirm Your Email and we are ready to go!" "ON DEFAULT" you only allow .jpg, .gif, and .png; is it weird that I know that and you don't? Although, due to your poor security and light server side checking, I found a way to upload any file type barring (so far) .php and .pl. GIFAR seems to work; I wonder if raw "ar" (clever play on words here) files will. If they do, that means anyone can upload a trojan, or ANY program, via any upload port. Not to mention the ability to bypass file checking means all of your users can have people uploading whatever they want no matter what settings they choose. Also, what I meant was you did not tell people HERE in this ad that you spam their free accounts with ads. You might want to do that lest more people complain. Also, I don't count having a subtext in 6pt font saying "* All free accounts are limited to 200 uploads per account, and are advertisement supported. Once registered, you may upgrade your account within the control panel." clearly stated.

Thanks for pointing a couple things out. I'll definitely bold that they are 200 upload max/ad supported a bit clearer... yeah, the client side checking sucks, I'm planning on fixing that soon. Just forgot (been swamped). Also, mind PMing me on ways you bypassed the serverside checking so I can improve? Do you not allow HTML within your emails? The link for the activation on the request is where it says "Please just Confirm Your Email and we are ready to go!" I need to fix this issue. I forgot about non-HTML emails, thanks for pointing this out. Also:

FREE ACCOUNTS (basic)
- 1 GB Free of space
- 200 TOTAL uploads
- Advertisement supported
- FREE back-up tools
- FREE Header Footer
- FREE Configuration Settings
- FREE Upload management tools + MORE!

I clearly state that in this advertisement.
xcessive
Epic Poster
Posts: 526
Post by xcessive on Feb 3, 2011 2:31:10 GMT
30% of email accounts don't allow HTML emails. I will PM how I bypassed security.
NapalM
Junior Poster
Posts: 40
Post by NapalM on Feb 3, 2011 2:33:31 GMT
> 30% of email accounts don't allow HTML emails. I will PM how I bypassed security.

Thank you, kind sir.
xcessive
Epic Poster
Posts: 526
Post by xcessive on Feb 3, 2011 2:44:16 GMT
> > 30% of email accounts don't allow HTML emails. I will PM how I bypassed security.
>
> Thank you, kind sir.

I haven't finished exploiting your security flaws. I still need to try a host of simple hacks.
NapalM
Junior Poster
Posts: 40
Post by NapalM on Feb 3, 2011 2:45:48 GMT
> I haven't finished exploiting your security flaws. I still need to try a host of simple hacks.

Well, I mean the two that you had showed me I already knew about... this is not my first upload site, I just have not finished a lot of the security yet haha
xcessive
Epic Poster
Posts: 526
Post by xcessive on Feb 3, 2011 3:03:59 GMT
Nor is it my first time probing for security flaws in an upload site. EDIT: Check your PMs.