I posted this up on SRCDS.com as well: http://forums.srcds.com/viewtopic/13843
Thanks for the heads up.

~ Matt

On Tue, Mar 2, 2010 at 1:39 PM, Lane Eckley <[email protected]> wrote:
> Hi Guys,
>
> I wanted to shoot out an email to everyone in regards to an exploit we have
> come across today for those who are running Eventscripts & Windows based
> servers.
>
> Apparently a user is able to upload "corelib.pyc" to the game server without
> using the common FTP/Control panel and via the game server itself. In turn,
> using eventscripts he is able to execute his script, create an administrator
> with full remote desktop access and finally remove all his files once his
> account is created.
>
> Our security caught it before it was able to cause us any issues, however
> this may be an issue for people who have lesser amount of security in place
> and especially if you do not have an anti-virus/firewall running on the
> machine.
>
> We have also found there are multiple variations of this file, so you may
> want to be sure you do a full look at your machines.
>
> With that being said, the files are coming from a free web hosting account
> over at t35.com - So if your machines have seen any connections in/out bound
> to that host in the past 48 hours, I would highly suggest you check your
> machines.
>
> Now on to the hosts on this list, we also found this in his scripts:
>
> C:\Games\rzr00\GameServers\TC55505872742137586643251\cstrike\addons\eventscripts\wcs\WCSusers\es_wcsusers_db.txt
>
> So he was testing this somewhere else, someone else who is running TCAdmin -
> If this is yours, I would start checking your boxes.
>
> Attached is a decrypted copy of the corelib.pyc.
>
> Joys,
>
> -Lane
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds

