Another set of examples.... https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/ https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection Really good book on image file injections... https://books.google.com/books?id=lG_XdxA5LRUC&pg=PA21&lpg=PA21&dq=image+file+injection+compromsing+server&source=bl&ots=E_qdLyJY3C&sig=8BSYFi3AukgoccEcujtnrdeoR4Y&hl=en&sa=X&ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage&q=image%20file%20injection%20compromsing%20server&f=false On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[email protected]> wrote: > Do you have a POC? > > > * From: * Stealth Mode <[email protected]> > * To: * <[email protected]> > * Sent: * 10/10/2017 12:44 AM > * Subject: * Re: [Csgo_servers] Custom files exploit > > Yes, IT skills. Electronics skills. And old school knowledge of how to > inject image files with malicious code (NetSec/ITSec). This is an older > style of "hacking". Remember those warnings about clicking download > attachments from the 90s onward? Same thing still applies. Except, there is > no detection for any hlds/go server, so an injected image can contaminate a > server cache. Which in turn will infect clients. Any image file, any data > file really, can be modified like this. Willing to bet good money those > $500. go weapon skins have hack code scripted and injected into the image. > > > On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote: > > Sure, > > But you have anything to back this up? (don't take it the wrong way) > > Nilo. > > 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>: > > Headsup admins/owners. Might want to disable custom files till valve > addresses this issue brought to their attention a month ago. > There is an exploit where any client with minor skill can inject custom > files with all types of malicious code. From hacks in weapon skins, to > ransomware in custom .bsp, to remote backdoors in custom spray paints. > > The exploit is injecting code into any image, sound, or data file. You can > take weapon skins (csgo), sound files, spray paint image files, even > .bsp/etc. and inject hack code, or actual ransomware, viruses, or > Trojans/rootkits directly into a server cache, or client cache via the > custom file. > > Might want to disable custom files till valve decides to correct this > issue. > > -StealthMode > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
