User Testing Service. Launched June. Made $1000+ profit in July. 100% Outsourced.

Welcome to the auction for UsabilityTrial.com

Intro

Research shows that over 500 000 websites and 1500 mobile apps are launched every day!

With that in mind, we decided to create this service which gives owners of these new websites and apps access to real users who can test out their platforms before launch and provide feedback.

We launched the business in July and it has since generated 9 sales in July. (proof of income attached)…

User Testing Service. Launched June. Made $ 1000+ profit in July. 100% Outsourced.

Penetration testing: stuck with injecting upload form

I have to do an assignment for a penetration testing exam but i’m a little bit stuck.

Among all the vulnerabilities i have to inject an upload form but it behaves weird, if i upload a file (even an image or similar) it does not do anything so i can’t tell if the file has been uploaded or not, there is no error message , anything useful.

I have a LFI vulnearbility so i can check files in /var/www/html and get the source but i can’t find anything useful, basically i have only .php frontend files :\

What vulnerability can i expect? or are there any tests that i can do?

This is the post request of burp-suite when i upload: https://imgur.com/a/Z7zeFoQ

Thank you 🙂

Responsive websites testing

Hi everyone ,

I'm a web developer, and I've often found myself wasting too much time checking if a responsive website displays properly on all screen sizes.

I feel we have lots of powerful and advanced applications to design and code websites, but there are very few tools to test and debug the behavior of responsive web pages.

I guess many of you have found themselves in my shoes before.

To overcome this problem and make our work easier, I've created slashB, an application that provides…

Responsive websites testing

OWASP Client-Side Testing – How To

In the OWASP Testing Guide, it has a whole section called “Client-Side Testing.” This section has to do with testing for things such as DOM-based XSS, JavaScript execution, HTML injection, Client-Side URL Redirect, etc. The examples in the testing guide for the first four vulnerabilities (the ones I just listed) all include code that access document.location.

My question is, what other ways are there for these kinds of vulnerabilities to be introduced into a web page without accessing document.location? In other words, if a page does not ever access document.location, is it definitely free from these vulnerabilities?

configuring output of testssl for testing ciphers

I’m writing a script in python to automate cipher check using testssl.sh tool. the output JSON presents

 {               "id"           : "service",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "HTTP"           } ,         {               "id"           : "pre_128cipher",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "No 128 cipher limit bug"           } ,         {               "id"           : "cipher-tls1_xc014",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "TLS 1   xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"           } ,         {               "id"           : "cipher-tls1_x35",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "TLS 1   x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA"           } 

the output json doesn’t really tell the severity, I also used Nmap with cipher NSE script but it doesn’t support JSON output. but it does rank cipher from A (Strong) to F (Weak) . is there a way in testSSL.sh to report in JSON cipher with their rank (weak,strong, etc) ?

the command

testssl.sh -E --severity LOW --jsonfile results ad4screen.com 

it does return empty json i guess because the websites has no cipher with severity equal to low or higher, or I’m wrong ?

TheBestIndexer Free Testing

Hello everyone, we are pleased to present TBI, The Best Indexer backlinks indexing site. We are currently in beta testing and during this time all our services are free!
We will ask those who take advantage of it to give us feedback that we can then post directly on the website : https://thebestindexer.com

For any questions or requests, please comment directly below.

Thank you all and good indexing !