How did we jump from a server issue to AMX lol? Who even still uses AMX?!!?

On Tue, Oct 10, 2017 at 10:39 AM Stealth Mode <[email protected]>
wrote:

> @Kevin
>
> Yes this is what I was suggesting, also the Custom_files svar set to 0
> will disable this until Valve can build a fix into the engine. EG: VAC
> custom file checks, skin checks, .bsp submission system for addition to
> market/game, etc. Right now the custom.hpk file is what will store spray
> paints. This is the file server side that should be scanned. As each new
> custom spray goes into this file, when it is written and accessed is when
> this exploit can occur.
>
> There are also SQL database injection vulnerabilities using AMX. But this
> is another issue, not Valve related.
>
> On Tue, Oct 10, 2017 at 10:29 AM, Kevin C <[email protected]> wrote:
>
>> Pretty sure by context it means proof of concept.
>>
>>
>> For CS:GO sv_allowupload 0 could easily be used to counter what you are
>> claiming. This goes for any source game server but for games that allow
>> sprays this would disable them.
>>
>> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>>
>> POC far as I know is always Point Of Contact. Or Professional Overseas
>> Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to
>> networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[email protected]> wrote:
>>
>>> Did you read how that's actually exploited? It would require another
>>> malicious script to parse the exif tag and eval some PHP. How exactly would
>>> a similar situation occur on a hosted game server? Do you have a poc? You
>>> say this email chain is one but I don't think you quite know what you're
>>> talking about.
>>>
>>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <[email protected]>
>>> wrote:
>>>
>>>> This email is fine for a POC. Far as the exploit, for those who aren't
>>>> familiar, this is an example.
>>>>
>>>>
>>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>>
>>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[email protected]>
>>>> wrote:
>>>>
>>>>> Do you have a POC?
>>>>>
>>>>>
>>>>> From: Stealth Mode <[email protected]>
>>>>> To: <[email protected]>
>>>>> Sent: 10/10/2017 12:44 AM
>>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>>
>>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>>> style of "hacking". Remember those warnings about clicking download
>>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>>> file really, can be modified like this. Willing to bet good money those
>>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>>
>>>>>
>>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote:
>>>>>
>>>>> Sure,
>>>>>
>>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>>
>>>>> Nilo.
>>>>>
>>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>:
>>>>>
>>>>> Heads up admins/owners. Might want to disable custom files till Valve
>>>>> addresses this issue brought to their attention a month ago.
>>>>> There is an exploit where any client with minor skill can inject
>>>>> custom files with all types of malicious code. From hacks in weapon skins,
>>>>> to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>>
>>>>> The exploit is injecting code into any image, sound, or data file. You
>>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>>> custom file.
>>>>>
>>>>> Might want to disable custom files till Valve decides to correct this
>>>>> issue.
>>>>>
>>>>> -StealthMode
>>>>>
>>>>> _______________________________________________
>>>>> Csgo_servers mailing list
>>>>> [email protected]
>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
