Flux Control Panel for Hercules

Edit: nvm, solved!
How did you?

 
SECURITY HOLES IN FLUX CP! TAKE ATTENTION

Please, close a security hole in fluxcp (any version)

I did post it in rAthena PMs to people who are still active in development and support of Flux, but they are ignoring it.

The problem is the following: anyone can view any account details, PayPal details, transaction details, how much a player donated to a server, when, his private information (first and last name), and much more.

The hole is in /data/ %all files%

You can check it on any server, but as an example I will publish only one

[ link removed ]

There are other bugs, but I can't remember them; there are many security holes in the mail system, in the donation module, in the vending module.

But nobody listens. That is the biggest problem. People do not care, so I'm publishing this information here, and I guess it will be solved much faster.

Have a nice day
My server just got hacked, this might be why.

 
Seems the donation module is broken? Anyone have a fix for this?

Fixed. Needed to add an additional receiver e-mail. x_x;

 
My server just got hacked, this might be why.
Exactly.

FluxCP is not secure, and never was secure.

A lot of people threating cerescp and other control panels, and think "flux is stable and works fine", but it's not.

There are tons of REPORTED bugs, which are either ignored or removed from the board; a lot of people really don't care, because they are not the ones losing real money / reputation.

As for me, I've been reporting these bugs since 2011, and only a few guys paid attention to my words and tried to help. Other people who manage the fluxcp repository ALREADY KNOW about the bugs, and really do nothing against them. Maybe they are doing it specially to take DBs from servers, or maybe they just really don't care.

My suggestions:

Any static PHP analyzer will find a lot of security holes in any fluxcp revision, all of them reported.

I suggest you DO NOT USE fluxCP, it is very bugged... And that is a shame for all (for me too).

 
For a fact, the FluxCP project doesn't really have a maintainer right now. It's an open source project, though, and it's on github, so anyone can make a pull request if there's a bug (and someone will merge it).

I have never audited the entire fluxcp code / structure (and probably never will, it's over-complicated), but only parts of it.

 
I agree with Haru. There have been several CPs that I've tested, such as Cora, and FluxCP is more "over complicated" than simple. I'd be willing to look over FluxCP and merge any fixes / requests. FluxCP has always had holes =/

 
Maybe it's time to make a new FluxCP?

 
Hello Everyone,

Could you please help me to fix the fluxcp email verification issue?

I have enabled email verification and am able to receive the confirmation link, but the problem is that a created user can log in in-game without email confirmation.

 