software break my jank-ass image host

joined feb 22, 2023

Do not induce vomiting if swallowed.

this was made mostly as just another experimental js-free webapp, but it seems to work better than expected. however, from experience, this usually means there is some gaping security hole I have yet to fall into.

pen testing/suggestions appreciated.

https://i.nest.place/

posted 4/21/2023, 4:01 am

joined dec 4, 2022

lol just in time since imgur is done being an image host for non-users apparently:

imgur hosting

posted 4/21/2023, 6:14 am

joined apr 10, 2023

im sorry

i like the straightforwardness of it. the one thing that irks me is when i refresh the upload page or navigate back to that my browser seems to be caching the file chosen.. i seem to have to close the tab out to load a page with it empty.

im not super great with pentesting, but i've also been working on a small image host/mirror project and was curious what/if anything you do on the backend to 'validate' submitted images? for example i know you can do some steganography stuff with pngs and append extra content like a zip file at the end of one. i guess something like that technically isn't malicious to host unless a user actually pokes around with the file that way, which at that point is their fault, but still. one other thing i've heard when looking into this kind of app is apparently there can be some cross-origin type attacks when the api for uploading content is the same server/domain as the cdn for viewing it. not sure how it works or if its a concern on modern browsers but it may be worth looking into

posted 4/21/2023, 10:38 pm
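
The appended-data case raised in the post above (a zip tacked onto the end of a PNG), as an added example that is not part of the thread or of the site's code: a Python check that walks the PNG chunk list, verifies each CRC, and reports or strips any bytes after IEND. The function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32(type + data)."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))

def make_sample_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def _fail(reason: str) -> dict:
    return {"ok": False, "error": reason, "trailing": 0}

def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list; report structural errors and bytes after IEND."""
    if not blob.startswith(PNG_SIG):
        return _fail("bad signature")
    pos, first = len(PNG_SIG), True
    while pos + 12 <= len(blob):  # 12 = length + type + CRC of an empty chunk
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):
            return _fail("truncated chunk")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF:
            return _fail("bad CRC in %r" % ctype)
        if first and ctype != b"IHDR":
            return _fail("first chunk is not IHDR")
        first = False
        if ctype == b"IEND":
            trailing = len(blob) - end
            return {"ok": trailing == 0,
                    "error": None if trailing == 0 else "data after IEND",
                    "trailing": trailing,
                    "clean": blob[:end]}  # copy truncated at the end of IEND
        pos = end
    return _fail("no IEND chunk")
```

This only checks the container structure; it does not look for data hidden in the pixel data or in ancillary chunks.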

joined feb 22, 2023

Do not induce vomiting if swallowed.

quoting dimes:

the one thing that irks me is when i refresh the upload page or navigate back to that my browser seems to be caching the file chosen.. i seem to have to close the tab out to load a page with it empty.

The upload page should now redirect to the home page after a minute of inactivity. I have also increased the file size limit to 100MB.

posted 4/26/2023, 2:14 pm

joined feb 17, 2023

A computer once beat me at chess, but it was no match for me at kick boxing. - Emo Phillips

  1. So after submitting an image, why does the [copy] and [copy direct] have the same link? Not sure what the purpose of either link is.

  2. Can one browse other uploaded images?

  3. Will it host a gif? (Don't have one to test with atm)

  4. Will image links from this site work here?

  • It would appear so. test image

posted 4/27/2023, 8:02 pm

joined dec 4, 2022

i notice the image load times are pretty bulky. you could put it behind the cloudflare free tier to get some performance boost.

posted 4/27/2023, 8:07 pm

joined feb 17, 2023

A computer once beat me at chess, but it was no match for me at kick boxing. - Emo Phillips

This provides an interesting result on google.com.

site:nest.place 1..9999999

Edit:

This is funny. Imgur

edited 4/27/2023, 8:28 pm

joined feb 22, 2023

Do not induce vomiting if swallowed.

quoting RevD:

  1. So after submitting an image, why does the [copy] and [copy direct] have the same link? Not sure what the purpose of either link is.

  2. Can one browse other uploaded images?

  3. Will it host a gif? (Don't have one to test with atm)

  4. Will image links from this site work here?

  1. They don't, one links to the main page with an insert of the image, one links to the file itself; e.g.

https://i.nest.place?i=17480971 [image doesn't display because it's not a direct link] vs https://i.nest.place/view.php?i=17480971 image does display

  2. mm, not really what I made it for

  3. Yes

posted 4/27/2023, 8:30 pm

joined feb 22, 2023

Do not induce vomiting if swallowed.

quoting RevD:

This provides an interesting result on google.com.

site:nest.place 1..9999999

Only thing I can think of is that the domain nest.place was used previously for.. aforementioned interesting purposes.

posted 4/27/2023, 8:33 pm

joined aug 28, 2023

user is banned.

anti.lgbt

posted 8/28/2023, 8:18 pm

joined feb 22, 2023

Do not induce vomiting if swallowed.

Just as an announcement of sorts, everything under the nest.place domain has been taken offline indefinitely. If there is anything (particularly from i.nest.place) that you wish to save, pm me and I can make it happen (until some as of yet undetermined point in the future, at which such data shall cease to exist).

posted 9/2/2023, 6:11 am

deleted_user

joined some time ago

content has been deleted

posted 9/28/2023, 9:21 pm
