LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

SolusVM Vulnerability

Date/Time: June 16, 2013 @ 1:18 pm, by Liam

In case you have not already heard, SolusVM has a pretty big vulnerability. A few providers have been affected. I urge all providers to immediately address this. More info here.

13 Comments

  1. G:

    As a client, what should we do?? Wait for the provider to say it's ‘fixed’, then reinstall our vps *and* change our password into solusvm?

    Anything else?

    June 16, 2013 @ 3:04 pm | Reply
  2. Josh:

    Seriously? Did the developer(s) _JUST_ learn PHP or something? That’s such a joke.

    June 16, 2013 @ 8:43 pm | Reply
    • BronzeByte:

      As I told many times before to many people: solus is awful and even kids could do it better security-wise

      June 17, 2013 @ 7:03 am | Reply
  3. $xc = $db -> query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);
    

    Query to database directly from the POST? It’s not even sanitized (not to mention PDO and bind parameters…). This software is supposed to be the “industry standard”…

    June 16, 2013 @ 8:48 pm | Reply
    • Lol:

      Wait till you see the login vuln and admin panel vuln. I'll release those later :)

      June 17, 2013 @ 2:32 pm | Reply
  4. John:

    Anyone using SolusVM after today deserves all they get. To all providers: I urge you to ditch it.

    June 16, 2013 @ 11:32 pm | Reply
    • It’s all about best on the market. This is SolusVM for now. Until it changes, we have to stick with it. Every software has its fair share of issues and exploits. At least Solus reacted.

      June 17, 2013 @ 12:57 am | Reply
  5. Lol:

    Attention providers:
    In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm.
    I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored.
    They stated the vuln is “not important at this time”
    Good luck.

    June 17, 2013 @ 2:36 pm | Reply
    • Spencer:

      Could you possibly wait for like 20 hours that way I can be awake?

      Thanks!

      June 17, 2013 @ 4:42 pm | Reply
    • Simon:

      SolusVM seems to jump when issues arise so unsure how they would ignore any credible threat.

      Esp. considering your name is lol, I assume it's a post to scare users, esp. considering the industry is mainly companies trying to provide cheap services. Non-disclosure of problems just causes headaches and leaves longer for issues to arise and cause problems.

      June 19, 2013 @ 5:06 am | Reply
    • Simon:

      SolusVM confirmed no zero days were reported to them in the past few days concerning login pages, admin or client.

      This message, no wonder the name was lol; it's just a wannabe trying to scare the industry.

      June 19, 2013 @ 1:33 pm | Reply
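
Added example (not SolusVM code and not written by any commenter): the string-concatenated query pattern quoted in comment 3, next to the PDO bound-parameter form that comment refers to. The in-memory SQLite database (needs the pdo_sqlite extension), the table contents, the function names and the sample inputs are assumptions constructed for illustration; only the table name centralbackup and the field name deleteid come from the page.

```php
<?php
// Constructed fixture: an in-memory table standing in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE centralbackup (id INTEGER PRIMARY KEY, label TEXT)');
$pdo->exec("INSERT INTO centralbackup (label) VALUES ('backup-a'), ('backup-b'), ('backup-c')");

// Pattern from the quoted line: the request value becomes part of the SQL text,
// so any quote character in it changes the structure of the statement.
function findConcatenated(PDO $pdo, string $deleteId): array
{
    $sql = "SELECT * FROM centralbackup WHERE id = '" . $deleteId . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the expected type first, then bind the value.
// A bound value is sent as data and is never parsed as SQL.
function findBound(PDO $pdo, string $deleteId): array
{
    $id = filter_var($deleteId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT * FROM centralbackup WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_POST['deleteid']: a normal id and a value
// containing quote characters.
$inputs = ['2', "2' OR '1'='1"];
foreach ($inputs as $value) {
    printf(
        "%-16s concatenated=%d rows, bound=%d rows\n",
        var_export($value, true),
        count(findConcatenated($pdo, $value)),
        count(findBound($pdo, $value))
    );
}
```

For the normal id both functions match the same single row. For the quoted value the concatenated query matches every row in the table, while the bound version rejects the input and matches none.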
