[cod] Cfg download hacking

David@Game-Serve david at game-serve.co.uk
Mon Sep 13 15:33:14 EDT 2010


On 13/09/10 20:16, Morpheus wrote:
> Yes, but it is only relevant with http downloading (I'm symlinking the 
> folder too, but with good htaccess restrictions and strict 
> permissions on the files--only readable by the owner). Is it possible 
> to use the client to try downloading the cfg through the built-in 
> protocol? That could be the major hack, and it can potentially touch 
> every quake-based game, at least those using the same net codebase 
> (cod2 is one of them).
>
> But I'm pretty sure it's not the case, and http is the way to follow, 
> and to harden...

You mean like the one that already exists on the quake3 engine based 
games? Like mohaa, which will allow you to download the config files on 
servers that don't have downloads disabled (set sv_allowDownload "0"). 
What's worse is that mohaa doesn't even use the server-client download 
functions of the quake3 engine, but the code must still be in there 
somewhere, as the exploit works.

