amuck-landowner

SolusVM failure - CSRF exploit

netnub

New Member
I had time to decode SolusVM fully, I'll say one thing: Security.

It has many security issues once you peer inside the code, I've spotted a CSRF exploit already.

I won't post where the exploit is, but if anyone wants to see the code, let me know. I did also decode WHMCS 5.2.3 and it looks like WHMCS + SolusVM were both coded by the same person (the style + the shittiness of it).
 

jarland

The ocean is digital
I would say shame on you for decoding it, but if you can then who can't, and if you found a security exploit well... I'd say your effort wasn't for nothing. Report this to SolusVM ASAP, if you haven't already.
 

netnub

New Member
I would say shame on you for decoding it, but if you can then who can't, and if you found a security exploit well... I'd say your effort wasn't for nothing. Report this to SolusVM ASAP, if you haven't already.
Yeah, I plan on reporting it once I get time, as it affects the latest version of SolusVM.

However, I don't see issues with decoding it. Just like I decoded hostbill, whmcs, gamecpx, and many more software, I did this just for research reasons (finding bugs, reporting them). (P.S. SolusVM code is shitty, they finally are using PDO, unlike older versions).
 

shovenose

New Member
Verified Provider
I don't think there is anything wrong with decoding software if you check it for vulnerabilities, report them, and delete it.
 

Aldryic C'boas

The Pony
Apart from the fact that you are not physically stealing anything, or hurting anyone in any way. I would say that it is more of a "mystery-shopper" thing than stealing. Stealing is absurd.
I'll attempt to be less subtle with my sarcasm. The point is, having a contrived 'justification' doesn't actually negate the action taking place.
 


bfj

New Member
I would say that it is more of a "mystery-shopper" thing than stealing. Stealing is absurd.
Wasn't that whole mystery shopper deal a big scam, which would con people into paying them to get "in" and have them buy items and never get reimbursed for them?
 

Francisco

Company Lube
Verified Provider
Wasn't that whole mystery shopper deal a big scam, which would con people into paying them to get "in" and have them buy items and never get reimbursed for them?
It's still a thing up here and it seems to be popular & well handled. My mom works for 'the hudson bay company' and she catches wind when a mystery shopper was through.

Francisco
 

Afterburst-Charlie

New Member
Verified Provider
This does indeed sound interesting, have you proceeded to contact the appropriate persons to get these issues resolved? Are the beta releases affected by these exploits as well?
 