For what? Making your security better...
SolusVM, WHMCS, Hostbill are at fault here, not me. I simply abuse the software and find the exploits, I don't develop their shit software.
Its your fault for using the horrible the software in the first place. In my "defense", I used my best-efforts to contact the developers, was ignored. Therefore they're stupid for ignoring me.
As for you Jarland, I really have nothing to say to you, besides without people like me you wouldn't understand the concept of security. If we're going to bash people who expose vulnerabilities, why don't we blame every security researcher/exploiter on the internet; too many to count.
As for suing people, thats just pure out bullshit. The fact you want to sue the person who disclosed them is pure stupidy, you should be sueing the companies for not understanding the concept of security. I really hate when people like you want to say you can sue anyone for any reason, as that just doesn't work for me. You can't simply sue people for assisting in finding security issues.
As for all the companies like SolusVM, WHMCS,hostbill,spbas,etc. that think they're safe, well they're not. They will never be, as long as they still rely on encoders to make them 'un-exploitable' then people will decode + find vulnerabilities and then expose them.
No matter how much you want to deny what I've said here it'd be very hard for you to do that as its all facts that I'm posting. I was asked multiple times to contact them first, so I did, I even showed proof! Then I disclosed some, hell even Humza(Infinity on LET) gave them proof of vulnerabilities, however in a blog post they denied that noone sent them anyone.
Unless companies take credit for they're mistakes then they'll never learn. Now I'm not going to say you can never be 100% "unhackable", because anything written by people can be exploited, reverse engineered, etc. For example, SolusVM knows what it has to do because someone told it what to do in lines of code, however they f**ked up majorly by not sanatizing the variables.
Therefore, referring to the point above, the company who developed the commerical product is at fault, not the security researchers.
Now I feel I've ranted enough at 12:05 AM in the morning.