I took a look at this video, it appears it's a rather primitive tool to run net_stringcmd commands on a server before the full sign on is complete (why did he have to launch the game?). Valve knows about this but hasn't done anything about this yet. In particular it looks like it runs the "status" command. There aren't any commands in the engine that will give an attacker the RCON password even if they haven't signed on, so it's likely an admin mod that doesn't do proper validation, like assuming the command from the player came as the console.
On Sun, Jun 20, 2010 at 9:03 PM, Juliano <mirando...@gmail.com> wrote: > http://www.youtube.com/watch?v=iNisvLqJAeM > Solution? > > Att. > Juliano > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlcoders > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
