
Flux Control Panel for Hercules

207 posts in this topic

 

Edit: nvm, solved! :)

How did you?

Hi Mysterious,

Is there a 'Stock' feature in the item shop? If not, can you add it?

Thanks!


SECURITY HOLES IN FLUX CP! PAY ATTENTION

Please close a security hole in FluxCP (any version).

I posted it in rAthena PMs to people who are still active in the development and support of Flux, but they are ignoring it.

The problem is as follows: anyone can view any account details, PayPal details, transaction details, how much a player donated to a server, when, his private information (first and last name), and much more.

The hole is in /data/ %all files%

You can check it on any server, but as an example I will publish only one:

[ link removed ]

There are other bugs, but I can't remember them; there are many security holes in the mail system, in the donation module, and in the vending module.

But nobody listens. That is the biggest problem. People do not care, so I'm publishing this information here, and I guess it will be solved much faster.

Have a nice day

My server just got hacked, this might be why.


Seems the donation module is broken? Anyone have a fix for this?

Fixed. Needed to add an additional receiver e-mail. x_x;

SECURITY HOLES IN FLUX CP! PAY ATTENTION

Please close a security hole in FluxCP (any version).

I posted it in rAthena PMs to people who are still active in the development and support of Flux, but they are ignoring it.

The problem is as follows: anyone can view any account details, PayPal details, transaction details, how much a player donated to a server, when, his private information (first and last name), and much more.

The hole is in /data/ %all files%

You can check it on any server, but as an example I will publish only one:

[ link removed ]

There are other bugs, but I can't remember them; there are many security holes in the mail system, in the donation module, and in the vending module.

But nobody listens. That is the biggest problem. People do not care, so I'm publishing this information here, and I guess it will be solved much faster.

Have a nice day

My server just got hacked, this might be why.

Exactly.

FluxCP is not secure, and never was secure.

A lot of people threating CeresCP and other control panels, and think "Flux is stable and works fine", but it's not.

There are tons of REPORTED bugs, which are either ignored or removed from the board; a lot of people really don't care, because they are not the ones losing real money / reputation :)

As for me, I've been reporting these bugs since 2011, and only a few guys paid attention to my words and tried to help. Other people who manage the FluxCP repository ALREADY KNOW about the bugs, and really do nothing about them. Maybe they are doing it on purpose to take DBs from servers, or maybe they just really don't care.

My suggestions:

Any static PHP analyzer will find a lot of security holes in any FluxCP revision, all of them reported.

I suggest you DO NOT USE FluxCP, it is very bugged... And that is a shame to all (to me too).


For a fact, the FluxCP project doesn't really have a maintainer right now. It's an open source project, though, and it's on GitHub, so anyone can make a pull request if there's a bug (and someone will merge it).

I have never audited the entire FluxCP code / structure (and probably never will, it's over-complicated), but only parts of it.


I agree with Haru. There have been several CPs that I've tested, such as Cora, and FluxCP is more "over complicated" than simple. I'd be willing to look over the FluxCP and merge any fixes / requests. FluxCP has always had holes =/


I agree with Haru. There have been several CPs that I've tested, such as Cora, and FluxCP is more "over complicated" than simple. I'd be willing to look over the FluxCP and merge any fixes / requests. FluxCP has always had holes =/

Maybe it's time to make a new FluxCP?
