How is it executing code? What exactly is the mechanism in play here that is evaluating your exploit code? You keep mentioning images, but that would require the backend to parse and execute an exploit attached to said image. There's nothing that would do that. If this was the case large sites like imgur and Facebook would be compromised every day.
You keep mentioning you work in the field of IT or whatever but that's just hard to believe as someone who actually does. This is such a dumb thing to make a fuss over and clearly shows you have no clue what you're talking about. Going to assume you're just a troll until you can actually come up with an actual poc. Good luck and have fun out there. If you ever want some good resources on how to properly learn this stuff feel free to ask and I can provide. On Oct 10, 2017 9:25 AM, "Stealth Mode" <[email protected]> wrote: > Actually my information is grounded in fact and 100% replicatable if you > know the field. I've listed a few resources to educate yourself. Please > refrain from speaking if you do not have an education in ITSec. > > https://books.google.com/books?id=0OlIT9eEEsoC&pg= > PA193&lpg=PA193&dq=image+file+injection+compromsing+server& > source=bl&ots=vGZbN7Qhsb&sig=3CbPAaU8hPbmqemmMXQ4kZXoI2E& > hl=en&sa=X&ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v= > onepage&q=image%20file%20injection%20compromsing%20server&f=false > > The links I've provided are just a few examples. Anyone can make a custom > image file (weapon skin, or spray paint, or wad in a .bsp) inject code into > it, and use your server, and clients connected to it to launch whatever > code they want. In the links provided, these are image files used to inject > code into web servers once the image is loaded. Meaning, once a spray is > sprayed, or a client uses x weapon skin through GO market. Once sent to > server/client cache, it then executes spraying a benign image, or rendering > a benign looking skin, while behind the scenes it is also executing code. > Now most of these script kiddies probably are just using the images to run > hacks, which yes they can be just that benign. However, more sophisticated > hackers can also use this to compromise entire networks, backbones, etc. > > On Mon, Oct 9, 2017 at 8:28 PM, devu4 <[email protected]> wrote: > >> This is such a pointless thread, no proof and a big headed clueless guy >> coming out with irrelevant crap! >> >> >> >> -- >> Sent from: http://csgo-servers.1073505.n5.nabble.com/ >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
