Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I dont think you quite know what you're talking about.
On Oct 10, 2017 9:15 AM, "Stealth Mode" <[email protected]> wrote: > This email is fine for a POC. Far as the exploit, for those who arent > familiar, this is an example. > > https://www.trustwave.com/Resources/SpiderLabs-Blog/ > Hiding-Webshell-Backdoor-Code-in-Image-Files/ > > On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[email protected]> > wrote: > >> Do you have a POC? >> >> >> * From: * Stealth Mode <[email protected]> >> * To: * <[email protected]> >> * Sent: * 10/10/2017 12:44 AM >> * Subject: * Re: [Csgo_servers] Custom files exploit >> >> Yes, IT skills. Electronics skills. And old school knowledge of how to >> inject image files with malicious code (NetSec/ITSec). This is an older >> style of "hacking". Remember those warnings about clicking download >> attachments from the 90s onward? Same thing still applies. Except, there is >> no detection for any hlds/go server, so an injected image can contaminate a >> server cache. Which in turn will infect clients. Any image file, any data >> file really, can be modified like this. Willing to bet good money those >> $500. go weapon skins have hack code scripted and injected into the image. >> >> >> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote: >> >> Sure, >> >> But you have anything to back this up? (don't take it the wrong way) >> >> Nilo. >> >> 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>: >> >> Headsup admins/owners. Might want to disable custom files till valve >> addresses this issue brought to their attention a month ago. >> There is an exploit where any client with minor skill can inject custom >> files with all types of malicious code. From hacks in weapon skins, to >> ransomware in custom .bsp, to remote backdoors in custom spray paints. >> >> The exploit is injecting code into any image, sound, or data file. You >> can take weapon skins (csgo), sound files, spray paint image files, even >> .bsp/etc. and inject hack code, or actual ransomware, viruses, or >> Trojans/rootkits directly into a server cache, or client cache via the >> custom file. >> >> Might want to disable custom files till valve decides to correct this >> issue. >> >> -StealthMode >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
