PoC||GTFO Chris. I mean despite the fact that clients don't upload textures, that you think it is a possible vector for a batch file to be executed after simply being put into memory shows how clueless you are. If you have anything productive please post, otherwise stop abusing computer security vernacular.
-nfbush On 9 Oct 2017 11:47 p.m., "Stealth Mode" <[email protected]> wrote: > Like literally, I could place an autoexec batch script in a spraypaint, or > a weapon skin, or any custom file. And once it hits memory (server cache) > it will execute whatever is wanted. > > On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote: > >> Sure, >> >> But you have anything to back this up? (don't take it the wrong way) >> >> Nilo. >> >> 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>: >> >>> Headsup admins/owners. Might want to disable custom files till valve >>> addresses this issue brought to their attention a month ago. >>> There is an exploit where any client with minor skill can inject custom >>> files with all types of malicious code. From hacks in weapon skins, to >>> ransomware in custom .bsp, to remote backdoors in custom spray paints. >>> >>> The exploit is injecting code into any image, sound, or data file. You >>> can take weapon skins (csgo), sound files, spray paint image files, even >>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or >>> Trojans/rootkits directly into a server cache, or client cache via the >>> custom file. >>> >>> Might want to disable custom files till valve decides to correct this >>> issue. >>> >>> -StealthMode >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
