# SolusVM failure - CSRF exploit



## netnub (Apr 19, 2013)

I had time to decode SolusVM fully, I'll say one thing: Security.

It has many security issues once you peer inside the code, I've spotted a CSRF exploit already.

I won't post where the exploit is, but if anyone wants to see the code, let me know. I did also decode WHMCS 5.2.3 and it looks like WHMCS + SolusVM were both coded by the same person (the style + the shittiness of it).


----------



## SeriesN (Apr 20, 2013)

Can you please elaborate what you found?


----------



## jarland (Apr 20, 2013)

I would say shame on you for decoding it, but if you can then who can't, and if you found a security exploit well... I'd say your effort wasn't for nothing. Report this to SolusVM ASAP, if you haven't already.


----------



## netnub (Apr 22, 2013)

jarland said:


> I would say shame on you for decoding it, but if you can then who can't, and if you found a security exploit well... I'd say your effort wasn't for nothing. Report this to SolusVM ASAP, if you haven't already.


Yeah, I plan on reporting it once I get time, as it affects the latest version of SolusVM.

However, I don't see issues with decoding it. Just like I decoded hostbill, whmcs, gamecpx, and many more software, I did this just for research reasons (finding bugs, reporting them). (P.S. SolusVM code is shitty, they finally are using PDO, unlike older versions).


----------



## Awmusic12635 (May 3, 2013)

Did you ever get around to reporting this?


----------



## notFound (May 9, 2013)

Is this you CurtisG?


----------



## shovenose (May 13, 2013)

I don't think there is anything wrong with decoding software if you check it for vulnerabilities, report them, and delete it.


----------



## Aldryic C'boas (May 15, 2013)

I don't see any problem with robbing a store if you check the currency for counterfeiting, report it, and return the cash.


----------



## bfj (May 15, 2013)




----------



## Aldryic C'boas (May 15, 2013)

Aye, some of the justifications for decoding are just... yeah.


----------



## Coastercraze (May 16, 2013)




----------



## blergh (May 16, 2013)




----------



## Aldryic C'boas (May 16, 2013)

blergh said:


> Apart from the fact that you are not physically stealing anything, or hurting anyone in any way. I would say that it is more of a "mystery-shopper" thing than stealing. Stealing is absurd.


I'll attempt to be less subtle with my sarcasm. The point is, having a contrived 'justification' doesn't actually negate the action taking place.


----------



## bfj (May 16, 2013)

Removed Dupe due to weird ..................................


----------



## bfj (May 16, 2013)

blergh said:


> I would say that it is more of a "mystery-shopper" thing than stealing. Stealing is absurd.


Wasn't that whole mystery shopper deal a big scam, which would con people into paying them to get "in" and have them buy items and never get reimbursed for them?


----------



## Francisco (May 16, 2013)

bfj said:


> Wasn't that whole mystery shopper deal a big scam, which would con people into paying them to get "in" and have them buy items and never get reimbursed for them?


It's still a thing up here and it seems to be popular & well handled. My mom works for 'the hudson bay company' and she catches wind when a mystery shopper was through.

Francisco


----------



## Afterburst-Charlie (May 16, 2013)

This does indeed sound interesting, have you proceeded to contact the appropriate persons to get these issues resolved? Are the beta releases affected by these exploits as well?


----------

