PDA

View Full Version : Bug report: TS3 and billing API


dimitrifrom31
08-07-2015, 12:30 PM
Hi,

I just found a bug in TCAv1 billing API or better call it an exploit.

If the client stops his teamspeak server then upgrades/downgrades his plan (from whmcs for example) the slots won't change.
That said you can order a 100 slots server, stop it, downgrade to 10 slots so you are billed for 10 slots then start it and it will still have 100 slots.

The reason being that stopped servers can't be edited. A work around would be to get tcadmin to start the server if stopped, change the slots and stop it again.

ECF
08-07-2015, 02:19 PM
I think this was fixed in an update. Please put in a support ticket and ask Luis.

NRTServers
08-07-2015, 05:23 PM
Hi,

I just found a bug in TCAv1 billing API or better call it an exploit.

If the client stops his teamspeak server then upgrades/downgrades his plan (from whmcs for example) the slots won't change.
That said you can order a 100 slots server, stop it, downgrade to 10 slots so you are billed for 10 slots then start it and it will still have 100 slots.

The reason being that stopped servers can't be edited. A work around would be to get tcadmin to start the server if stopped, change the slots and stop it again.


Please let us know what Luis's response was if you would..
No sense loading up the support system if we all are looking for the response..

BTW...nice find..I hope you didn't get burned with this exploit if that is
what it is..

Have a nice week-end

Dave

NRT

dimitrifrom31
08-10-2015, 05:59 AM
I am running latest TCA v1 version and the issue was not fixed.
I submitted an answer to an existing ticket about TS3 three days ago but got no reply yet, Luis might be in holidays.
I did not get hit directly by this exploit and will post when I get an answer from Luis.

ECF
08-10-2015, 02:51 PM
He may be creating an update which will include a fix.