SolusVM Vulnerability

Liam

/

Jun 16, 2013 @ 1:18 pm

 

/

Comments (13)

/

Share Post Share reddit

In case you have not already heard, SolusVM has a pretty big vulnerability. A few providers have been affected. I urge all providers to immediately address this. More info here.

• Author
• Recent Posts

Liam

Latest posts by Liam (see all)

• How To Create a DNS Server On Ubuntu 18.04 - July 10, 2019
• How To Create a DNS Server On Debian Stretch - June 27, 2019
• How To Install and Use A Plex Media Server On Raspbian Stretch - June 17, 2019

13 Comments

1. 

   G:

   As a client, what should we do?? Wait for the provider to say its ‘fixed’, then reinstall our vps *and* change our password into solusvm?

   Anything else?

   June 16, 2013 @ 3:04 pm | Reply
2. 

   vemacs:

   Most providers are back up.

   More info:

   http://lowendtalk.com/discussion/11187/solusvm-vulnerability#latest
   http://lowendtalk.com/discussion/11191/ramnode-is-down#latest

   June 16, 2013 @ 3:43 pm | Reply
3. 

   Josh:

   Seriously? Did the developer(s) _JUST_ learn PHP or something? That’s such a joke.

   June 16, 2013 @ 8:43 pm | Reply
   • 

     BronzeByte:

     As I told many times before to many people: solus is awful and even kids could do it better security wise

     June 17, 2013 @ 7:03 am | Reply
4. 

   Evo:

   $xc = $db -> query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);
   

   Query to database directly from the POST ? It’s not even sanitized (not to mention PDO and bind parameters…). This software is supposed to be the “industry standard” …

   June 16, 2013 @ 8:48 pm | Reply
   • 

     Lol:

     Wait till you see the login vuln and admin panel vuln. Ill release those later :)

     June 17, 2013 @ 2:32 pm | Reply
5. 

   John:

   Anyone using SolusVM after today deserves all they get. To all providers: I urge you to ditch it.

   June 16, 2013 @ 11:32 pm | Reply
   • 

     concerto49:

     It’s all about best on the market. This is SolusVM for now. Until it changes, we have to stick with it. Every software has its fair share of issues and exploits. At least Solus reacted.

     June 17, 2013 @ 12:57 am | Reply
6. 

   Lol:

   Attention providers:
   In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm.
   I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored.
   They stated the vuln is “not important at this time”
   Good luck.

   June 17, 2013 @ 2:36 pm | Reply
   • 

     Spencer:

     Could you possibly wait for like 20 hours that way I can be awake?

     Thanks!

     June 17, 2013 @ 4:42 pm | Reply
     • 

       Andrew:

       Share the links, haha

       June 18, 2013 @ 1:07 am | Reply
   • 

     Simon:

     SolusVM seems to jump when issues arise so unsure how they would ignore any creditable threat.

     Esp considering your name is lol, I assume its a post to scare users esp considering the industry is mainly company’s trying to provide cheap services, None disclosure of problems just causes headaches an leaves longer for issues to arise an cause problems.

     June 19, 2013 @ 5:06 am | Reply
   • 

     Simon:

     SolusVM confirmed No Zero days was reported to em in past few days; concerning Login pages admin or client.

     This message no wonder name was lol; Its just a wannabe trying to scare industry.

     June 19, 2013 @ 1:33 pm | Reply