I've upgraded my previously released patch for this exploit now too.

http://forums.alliedmods.net/showthread.php?t=109453

Basically what this plug-in does is prevent downloading or uploading anything into sensitive directories.

All requests will be logged, bad requests will be logged as "illegal" and report the player's steamid and ip so you can banninate them.

- voogru.

-----Original Message-----
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Saul Rennison
Sent: Sunday, November 29, 2009 3:00 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] Source Engine Upload/Download POC

You could upload a plugin which dumped Rcon and password data to a certain PHP page to the server, then crash the server (several known crashing exploits) to make the plugin auto-load. It's like a server root-kit lol.

On Sunday, November 29, 2009, w4rezz <w4r...@gmail.com> wrote:
> Or you can remove rcon_password from server.cfg and use it as a server
> startup parameter +rcon_password blabla
>
> 2009/11/29 Michael Krasnow <mnk...@mnkras.com>:
>> wait, so this means anyone can go on a server and download a server.cfg?
>>
>> time to bury my rcon in a crap load of exec files lol
>>
>> On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison <saul.renni...@gmail.com> wrote:
>>
>>> Awesome. It's not really a server plugin though is it? I'll try this
>>> when I get home... take over some servers. <3 VALVe security.
>>>
>>> On Sunday, November 29, 2009, AzuiSleet <azuisl...@gmail.com> wrote:
>>> > Yes well you can ignore those fools. They like to vandalize my pastebin.
>>> >
>>> > On Sun, Nov 29, 2009 at 3:55 AM, cnu <bsh...@broadpark.no> wrote:
>>> >> On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
>>> >>> Source:
>>> >>> http://azu.pastebin.com/m1cd1ab0b
>>> >>
>>> >> You got some other interesting pastes here :p
>>> >> http://azu.pastebin.com/m483ef5a0
>>> >> http://azu.pastebin.com/f32ff6903
>>> >>
>>> >> _______________________________________________
>>> >> To unsubscribe, edit your list preferences, or view the list archives, please visit:
>>> >> http://list.valvesoftware.com/mailman/listinfo/hlds
>>> >>
>>> >
>>>
>>> --
>>>
>>> Thanks,
>>> - Saul.
>>>
>>
>

--
Thanks,
- Saul.
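
As an added example (not voogru's plug-in code and not from anyone in this thread), here is a path check and log line of the kind the top message describes. The denied directory and extension lists, the function names and the log format are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// Assumed policy for illustration; not the rule set of the plug-in in the thread.
static const std::vector<std::string> kDeniedDirs = {"cfg", "addons", "bin"};
static const std::vector<std::string> kDeniedExts = {".cfg", ".dll", ".so", ".vdf", ".ini"};

// Lower-case the path, unify separators, and split it into components.
static std::vector<std::string> Components(std::string path) {
    std::replace(path.begin(), path.end(), '\\', '/');
    std::transform(path.begin(), path.end(), path.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    std::vector<std::string> parts;
    std::stringstream ss(path);
    for (std::string part; std::getline(ss, part, '/');)
        if (!part.empty()) parts.push_back(part);
    return parts;
}

// True when a client-supplied upload/download path must be refused.
bool IsIllegalTransfer(const std::string& path) {
    if (path.empty() || path[0] == '/' || path[0] == '\\') return true;  // absolute path
    if (path.find(':') != std::string::npos) return true;  // drive letter or stream name
    const std::vector<std::string> parts = Components(path);
    if (parts.empty()) return true;
    for (const std::string& p : parts)
        // Rejects ".", ".." and names like "server.cfg." that Windows maps to "server.cfg".
        if (p.back() == '.' || p.back() == ' ') return true;
    if (std::find(kDeniedDirs.begin(), kDeniedDirs.end(), parts.front()) != kDeniedDirs.end())
        return true;  // sensitive top-level directory
    const std::string& file = parts.back();
    for (const std::string& e : kDeniedExts)
        if (file.size() >= e.size() && file.compare(file.size() - e.size(), e.size(), e) == 0)
            return true;  // sensitive file type anywhere in the tree
    return false;
}

// Every request is logged; refused ones are tagged "illegal" with SteamID and IP.
std::string LogLine(const std::string& steamid, const std::string& ip, std::string path) {
    const char* verdict = IsIllegalTransfer(path) ? "illegal" : "ok";
    // Replace control characters so a crafted path cannot forge extra log lines.
    std::replace_if(path.begin(), path.end(),
                    [](unsigned char c) { return std::iscntrl(c) != 0; }, '?');
    return std::string(verdict) + " transfer steamid=" + steamid + " ip=" + ip + " path=" + path;
}
```

A deny list like this one is only a stopgap; an allowlist of the directories clients legitimately need is stricter and harder to bypass.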