It seems the upload/download exploits aren't dead yet, and Valve didn't do a good job at patching them. A blacklist didn't work too well. Here is a serverplugin POC to upload and download files. It's fairly trivial to use:
download_file cfg/server.cfg upload_file addons/serverplugin_sample.dll upload_file doesn't work in TF2, but download_file does. I'm told you can upload DLLs in Gmod and L4D2. Credit to Chrisaster and the rest of the Gmod scene. Codename "Source Engine Suck Server Pwner" in memory of nitro2o: http://dl.dropbox.com/u/759758/sourcenginesuck_serverowner.7z Source: http://azu.pastebin.com/m1cd1ab0b _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds