It seems the upload/download exploits aren't dead yet, and Valve
didn't do a good job at patching them. A blacklist didn't work too
well. Here is a serverplugin POC to upload and download files. It's
fairly trivial to use:

download_file cfg/server.cfg
upload_file addons/serverplugin_sample.dll

upload_file doesn't work in TF2, but download_file does. I'm told you
can upload DLLs in Gmod and L4D2. Credit to Chrisaster and the rest of
the Gmod scene.

Codename "Source Engine Suck Server Pwner" in memory of nitro2o:
http://dl.dropbox.com/u/759758/sourcenginesuck_serverowner.7z

Source:
http://azu.pastebin.com/m1cd1ab0b

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

Reply via email to