It seems the upload/download exploits aren't dead yet, and Valve
didn't do a good job at patching them. A blacklist didn't work too
well. Here is a serverplugin POC to upload and download files. It's
fairly trivial to use:
download_file cfg/server.cfg
upload_file addons/serverplugin_sample.dll
On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
Source:
http://azu.pastebin.com/m1cd1ab0b
You got some other interesting pastes here :p
http://azu.pastebin.com/m483ef5a0
http://azu.pastebin.com/f32ff6903
Yes well you can ignore those fools. They like to vandalize my pastebin.
On Sun, Nov 29, 2009 at 3:55 AM, cnu bsh...@broadpark.no wrote:
On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
Source:
http://azu.pastebin.com/m1cd1ab0b
You got some other interesting pastes here :p
Awesome. It's not really a server plugin though is it? I'll try this
when I get home... take over some servers. <3 VALVe security.
On Sunday, November 29, 2009, AzuiSleet azuisl...@gmail.com wrote:
Yes well you can ignore those fools. They like to vandalize my pastebin.
On Sun, Nov 29, 2009 at
wait, so this means anyone can go on a server and download a server.cfg?
time to bury my rcon in a crap load of exec files lol
On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison saul.renni...@gmail.com wrote:
Awesome. It's not really a server plugin though is it? I'll try this
when I get home...
You're better off blocking your game server's TCP port.
On Sun, Nov 29, 2009 at 7:51 AM, Michael Krasnow mnk...@mnkras.com wrote:
wait, so this means anyone can go on a server and download a server.cfg?
time to bury my rcon in a crap load of exec files lol
On Sun, Nov 29, 2009 at 7:49 AM,
Shell/RDP account. Cryptography key. RCON port blocked/filtered to a
specific IP.
Winrar.
Michael Krasnow wrote:
wait, so this means anyone can go on a server and download a server.cfg?
time to bury my rcon in a crap load of exec files lol
On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison
Or you can remove rcon_password from server.cfg and use it as a server
startup parameter +rcon_password blabla
2009/11/29 Michael Krasnow mnk...@mnkras.com:
wait, so this means anyone can go on a server and download a server.cfg?
time to bury my rcon in a crap load of exec files lol
On Sun,
Good idea, I think that's a bit easier :)
On Sun, Nov 29, 2009 at 11:13 AM, w4rezz w4r...@gmail.com wrote:
Or you can remove rcon_password from server.cfg and use it as a server
startup parameter +rcon_password blabla
2009/11/29 Michael Krasnow mnk...@mnkras.com:
wait, so this means anyone
You could upload a plugin which dumped Rcon and password data to a
certain PHP page to the server, then crash the server (several known
crashing exploits) to make the plugin auto-load. It's like a server
root-kit lol.
On Sunday, November 29, 2009, w4rezz w4r...@gmail.com wrote:
Or you can remove
Read the OP...
On Sunday, November 29, 2009, Aaron A. Maricic pennsta...@gmail.com wrote:
Does this apply to L4D / L4D2?
AzuiSleet wrote:
It seems the upload/download exploits aren't dead yet, and Valve
didn't do a good job at patching them. A blacklist didn't work too
well. Here is a
I've upgraded my previously released patch for this exploit now too.
http://forums.alliedmods.net/showthread.php?t=109453
Basically what this plug-in does is prevent downloading or uploading
anything into sensitive directories.
All requests will be logged, bad requests will be logged as
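
Added example, not part of the thread and not the code of the linked plug-in: a C++ sketch of the kind of check the last message describes, where each requested path is canonicalized before being compared against protected directories and every decision is logged. The function names and the protected set (cfg and addons, the two directories named in the first post) are assumptions for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <sstream>
#include <string>

// Assumption: protected set = the two directories named in this thread.
static const std::set<std::string> kProtectedDirs = {"cfg", "addons"};

// Canonicalize a client-supplied path relative to the game directory.
// Returns false when it cannot be resolved safely inside that directory.
bool normalize_path(const std::string& raw, std::string& out) {
    std::string p = raw;
    out.clear();
    std::replace(p.begin(), p.end(), '\\', '/');
    std::transform(p.begin(), p.end(), p.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (p.empty() || p[0] == '/' || p.find(':') != std::string::npos)
        return false;                              // absolute path or drive letter
    std::stringstream ss(p);
    std::string seg;
    while (std::getline(ss, seg, '/')) {
        if (seg.empty() || seg == ".") continue;   // "a//b", "a/./b"
        if (seg == "..") return false;             // no climbing out
        // Windows drops trailing dots and spaces from a component name.
        while (!seg.empty() && (seg.back() == '.' || seg.back() == ' ')) seg.pop_back();
        if (seg.empty()) return false;
        out += (out.empty() ? "" : "/") + seg;
    }
    return !out.empty();
}

// Decide on one upload/download request and log it, allowed or denied.
bool allow_transfer(const std::string& raw) {
    std::string path;
    bool ok = normalize_path(raw, path);
    std::string::size_type slash = path.find('/');
    // Files directly in the game root are refused too (conservative choice).
    ok = ok && slash != std::string::npos && kProtectedDirs.count(path.substr(0, slash)) == 0;
    std::clog << (ok ? "ALLOW " : "DENY  ") << raw << '\n';
    return ok;
}

int main() {  // constructed sample requests
    for (const char* r : {"maps/de_dust2.bsp", "cfg/server.cfg", "CFG\\server.cfg",
                          "maps/../addons/x.dll", "./addons./x.dll"})
        allow_transfer(r);
}
```

Comparing the canonical form rather than the raw string is what keeps different spellings of the same directory from being treated as different paths.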