Jump to content
Gepard

Flux Control Panel for Hercules

Recommended Posts

 

Edit: nvm, solved! :)

How did you?

 

Hi Mysterious,

 

Is there a 'Stock' feature in item shop? if no, can your add it?

 

Thanks! 

Share this post


Link to post
Share on other sites

SECURITY HOLES IN FLUX CP! TAKE ATTENTION

Please, close a security hole in fluxcp (any version)

I did post it to rAthena pms to people what still active in development and support of flux, but they ignoring it.

 

The problem in next: anyone can view any account details, paypal details, transaction details, how much a player donate for a server, whem, his private information (First, Last Name), and many more.

 

The hole in /data/ %all files%

You can check it on any server, but for example i will publish only one

[ link removed ]

 

There is another bugs, but i can't remember them, there are many security holes in mail system, in donation module, in vending module.

But nobody listen. That is the biggest problem. People do not care, so i'm publish this information here, and i guess, it will be solved much faster.

 

Have a nice day

 

My server just got hacked, this might be why.

Share this post


Link to post
Share on other sites

 

SECURITY HOLES IN FLUX CP! TAKE ATTENTION

Please, close a security hole in fluxcp (any version)

I did post it to rAthena pms to people what still active in development and support of flux, but they ignoring it.

 

The problem in next: anyone can view any account details, paypal details, transaction details, how much a player donate for a server, whem, his private information (First, Last Name), and many more.

 

The hole in /data/ %all files%

You can check it on any server, but for example i will publish only one

[ link removed ]

 

There is another bugs, but i can't remember them, there are many security holes in mail system, in donation module, in vending module.

But nobody listen. That is the biggest problem. People do not care, so i'm publish this information here, and i guess, it will be solved much faster.

 

Have a nice day

 

My server just got hacked, this might be why.

 

exactly.

FluxCP not secure, and never was secure.

A lot of people threating cerescp and other control panels, and think "flux is stable and works fine", but it's not.

There are tons of REPORTED bugs, which or ignored, or removed from the board, a lot of people really don't care, because not they are loosing a real money / reputation :)

 

As for me, i've report about this bugs since 2011, and only few guys was take attention to my words and tried to help. Other people who manage fluxcp repository ALREADY KNOW about the bugs, and really do nothing against them. Maybe they doing it specially to take DB's from servers, or maybe they are just really don't care.

 

My suggestions: 

any static php analyzer will find in any fluxcp revision a lot of security holes, all of them reported.

I'm suggest DO NOT USE fluxCP, this is very bugged... And that is shame to alll (to me too).

Share this post


Link to post
Share on other sites

For a fact, the FluxCP project doesn't really have a maintainer right now. It's an open source project, though, and it's on github, so anyone can make a pull request if there's a bug (and someone will merge it).

 

I have never audited the entire fluxcp code / structure (and probably never will, it's over-complicated), but only parts of it.

Share this post


Link to post
Share on other sites

I agree with Haru. There have been several CPs that I've tested such as Cora and FluxCP is more "over complicated" than simple. I'd be willing to look over the FluxCP any merging any fixes / requests. FluxCP has always had holes =/

Share this post


Link to post
Share on other sites

I agree with Haru. There have been several CPs that I've tested such as Cora and FluxCP is more "over complicated" than simple. I'd be willing to look over the FluxCP any merging any fixes / requests. FluxCP has always had holes =/

Maybe its time to make a new FluxCP?

Share this post


Link to post
Share on other sites

Hello Everyone,

 

Could you please help me to fix the fluxcp Email Verification issue.

i have enabled Email verification and able to receive confirmation on link, but the problem is, created user can login InGame without Email confirmation.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.