this was made mostly as just another experimental js-free webapp, but it seems to work better than expected. however, from experience, this usually means there is some gaping security hole I have yet to fall into.

pen testing/suggestions appreciated.

https://i.nest.place/

lol just in time since imgur is done being an image host for non-users apparently:

i like the straightforwardness of it. the one thing that irks me is when i refresh the upload page or navigate back to that my browser seems to be caching the file chosen.. i seem to have to close the tab out to load a page with it empty.

im not super great with pentesting, but i've also been working on a small image host/mirror project and was curious what/if anything you do on the backend to 'validate' submitted images? for example i know you can do some steganography stuff with pngs and append extra content like a zip file at the end of one. i guess something like that technically isn't malicious to host unless a user actually pokes around with the file that way, which at that point is their fault, but still. one other thing i've heard when looking into this kind of app is apparently there can be some cross-origin type attacks when the api for uploading content is the same server/domain as the cdn for viewing it. not sure how it works or if its a concern on modern browsers but it may be worth looking into

The upload page should now redirect to the home page after a minute of inactivity. I have also increased the file size limit to 100MB.

1. So after submitting an image, why does the [copy] and [copy direct] have the same link? Not sure what the purpose of ether link is.

2. Can one browse other uploaded images?

3. Will it host a gif? (Don't have one to test with atm)

4. Will image links from this site work here?

• It would appear so.

i notice the image load times are pretty bulky. you could put it behind the cloudflare free tier to get some performance boost.

This provides an interesting result on google.com.

site:nest.place 1..9999999

Edit:

This is funny.

1. They don't, one links to the main page with in insert of the image, one links to the file itself; e.g.

https://i.nest.place?i=17480971 vs https://i.nest.place/view.php?i=17480971

2. mm, not really what I made it for

3. Yes

Only thing I can think of is that the domain nest.place was used previously for.. aforementioned interesting purposes.

anti.lgbt

Just as an announcement of sorts, everything under the nest.place domain has been taken offline indefinitely. If there is anything (particularly from i.nest.place) that you wish to save, pm me and I can make it happen (until some as of yet undetermined point in the future, at which such data shall cease to exist).

content has been deleted