Using ModulesFactory's Proxmox module? There's a nasty exploit!

Francisco Top Host, Host Rep, Veteran
edited January 2016 in General

Hello everyone,

While doing an installation for a client today I found an exploit in ModulesFactory's Proxmox WHMCS Module that's quite nasty.

I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

I've written a workaround patch but won't be releasing it to the public. Instead, if you're a provider and can prove you're using this, please email me at [email protected] or contact me on here and I'll provide you the patch. You can also skype me at 'deltaanime'.

Thanks to @mitgib for helping me confirm & test.

Francisco

Comments

  • Uh oh.

    I believe that a number of providers are using this module. This could get very ugly, very quickly.

  • Francisco Top Host, Host Rep, Veteran

    @0xdragon said:
    Uh oh.

    I believe that a number of providers are using this module. This could get very ugly, very quickly.

    That's why I'd like people to contact me and get patched :)

    Francisco

  • Francisco said: I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

    Good luck getting a response on that, I looked at this module 18 months ago and reported numerous issues including potential vulnerabilities.

    No response.

  • Francisco Top Host, Host Rep, Veteran

    @MarkTurner said:
    No response.

    Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

    Francisco

    Thanked by 1netomx
  • jmginer Member, Patron Provider

    What kind of exploit? Full WHMCS / Proxmox access?

  • @francisco

    Why not just drop in a download link to the patch for everyone? You are kind enough to notify us all about a serious ongoing issue, but the solution to it that you have created will not be published publicly? Is there any reason behind that?

  • 0xdragon said: This could get very ugly, very quickly.

    All they have to do is kiss Fran's ring and they will be made ;)

    Thanked by 1netomx
  • Francisco Top Host, Host Rep, Veteran

    @Mark_R said:
    francisco

    Why not just drop in a download link to the patch for everyone? You are kind enough to notify us all about a serious ongoing issue, but the solution to it that you have created will not be published publicly? Is there any reason behind that?

    Because then where the issue is, is now in the wild and unsuspecting hosts could get popped.

    Francisco

    Thanked by 2Mark_R netomx
  • Francisco Top Host, Host Rep, Veteran

    @jmginer said:
    What kind of exploit? Full WHMCS / Proxmox access?

    It's a nasty exploit, I'll leave it at that.

    Francisco

    Thanked by 1netomx
  • GM2015 Member
    edited January 2016

    I'm giving Proxmox a try this afternoon. Looks easy enough to install over Debian 8.

    Francisco said: Tagged:

    proxmox praisepony

    Thanked by 1netomx
  • Francisco Top Host, Host Rep, Veteran
    edited January 2016

    @GM2015 said:

    praisepony

    Francisco

    Thanked by 2GM2015 netomx
  • Francisco said: Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

    Just don't use it at all, it's safer all round

  • Francisco Top Host, Host Rep, Veteran

    @MarkTurner said:
    Just don't use it at all, it's safer all round

    Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

    Francisco

    Thanked by 1netomx
  • Decency towards other hosts was never MarkTurner's strong side...

    Thanked by 2netomx Dylan
  • Francisco Top Host, Host Rep, Veteran
    edited January 2016

    @Amitz said:
    Decency towards other hosts was never MarkTurner's strong side...

    To be fair it isn't mine half the time either.

    Francisco

    Thanked by 2Jonchun netomx
  • raindog308 Administrator, Veteran
    edited January 2016

    miTgiB said: All they have to do is kiss Fran's ring and they will be made ;)

    BuyExploit, a new FranTech offering.

  • raindog308 said: BuyExploit, a new FranTech offering.

    Have you seen a picture of Fran? He is a good looking man (nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

    Thanked by 1GCat
  • @raindog308 said:
    image

    ponysploits.com - A Frantech Brand

    Thanked by 1raindog308
  • raindog308 Administrator, Veteran

    miTgiB said: Have you seen a picture of Fran? He is a good looking man (nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

    Post/reply race condition :-) Updated my post with a pic of Don Francisco.

    Thanked by 1miTgiB
  • GCat said: ponysploits.com - A Frantech Brand

    You forgot coming soon™

  • @miTgiB said:
    You forgot coming soon™

    I feel he's way more elegant in his topless towel photo.

  • Dear Francisco,
    Thank you, we received your report and have released a patch version 1.3.4.9.1 to address the vulnerability. Patch available for customers to download in their clientarea.

    Thanks
    Mohamed.
    Modules Factory.

    Thanked by 3miTgiB letbox postcd
  • Francisco said: Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

    It's not a hosting issue, it's just that this vendor's modules always appear to be very rushed/sloppy, lack quality control, and they don't respond to bug reports even when the functionality of the module is non-existent.

    Amitz said: Decency towards other hosts was never MarkTurner's strong side...

    Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides; it starts by doing the best you can do every day and, when things go wrong, learning from it and doing your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

  • MarkTurner said: Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides; it starts by doing the best you can do every day and, when things go wrong, learning from it and doing your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

    No, I was indeed talking about decency. ;-)
    But I must admit that my definition of "business decency" is based on a completely different industry. The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
    Have a beer. It's on me.

  • Amitz said: No, I was indeed talking about decency. ;-)

    Decency - 'behavior that conforms to accepted standards of morality or respectability.'

    Borderline ;) But for the industry, probably better than most.

    Amitz said: But I must admit that my definition of "business decency" is based on a completely different industry.

    This industry, like the telecoms sector, is a cesspit. The concept of being a gentleman is completely devoid.

    Amitz said: The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
    Have a beer. It's on me.

    Thanks :)

  • ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

    I have tested the patch, and it does work as advertised.

    Thanked by 2letbox postcd
  • letbox Member, Patron Provider

    We've been using this module lately for KVM and it seems fixed now.

    Thanks

  • Proxmox VPS For WHMCS Changelog – v.2.1.0: 
    New Feature: Automatic IP address assignment - KVM virtualization
    Improvement: Automatically boot VM after reinstallation
    Improvement: IP Manager For WHMCS integration
    Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
    Removed: 'Backup Storage' custom field - not used any more
    Bug Fix: Backups limits not respected
    Bug Fix: Upgrade VM after clone
    

    Not sure if they just ignored you or they don't want to show they had a vulnerability

  • @cassa said:

    > Proxmox VPS For WHMCS Changelog – v.2.1.0: 
    > New Feature: Automatic IP address assignment - KVM virtualization
    > Improvement: Automatically boot VM after reinstallation
    > Improvement: IP Manager For WHMCS integration
    > Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
    > Removed: 'Backup Storage' custom field - not used any more
    > Bug Fix: Backups limits not respected
    > Bug Fix: Upgrade VM after clone
    > 

    Not sure if they just ignored you or they don't want to show they had a vulnerability

    ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

    They acknowledged it.

  • qps Member, Host Rep

    cassa said: Not sure if they just ignored you or they don't want to show they had a vulnerability

    You are confusing ModulesGarden with ModulesFactory.

    Thanked by 3cassa Lee Lee