Note, I'm speaking with Erik @ SourceBans and gave him the exploit so it can be resolved. Hopefully the 1.4.8 version will be out shortly...
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andre Müller Sent: Sunday, March 06, 2011 3:09 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] SourceBans hack in the open... Oh, thx for info. I'll publish this in our german support forum. DeaD_EyE sourceserver.info 2011/3/6 Vathral <[email protected]>: > On 03/06/2011 05:38 AM, Kate wrote: >> >> Peter: I'm actually going to wait until they contact me. I read about >> the XSS vuln and their apparent lack of resolution for the issue. >> (http://www.1337day.com/exploits/15369) >> >> Vathral: I figured out how exploited our instance by looking through >> the source and mucking about. I'm actually surprised that it wasn't >> found long ago. :( I even wrote a quick step-by-step to both >> duplicate the issue(log in as an admin) and a patch to the source. >> The patch however would show the exploit fairly easily so I'm >> concerned about releasing that detail. >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > http://forums.interwavestudios.com/topic/2751-issue-from-vulnerability > -xss/ > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
