[cod] Cfg download hacking
David@Game-Serve
david at game-serve.co.uk
Mon Sep 13 15:33:14 EDT 2010
On 13/09/10 20:16, Morpheus wrote:
> Yes, but it is only relevant with http downloading (I'm simlinking the
> folder too, but with a good htaccess restrictions, and stricts
> permission on the files--only readable by the owner). Is it possible
> to use the client to try downloading the cfg through the built-in
> protocol ? That could be the major hack, and it can potentially touch
> every quake-based game, at least those using the same net codebase
> (cod2 is one of them).
>
> But I'm pretty sure it's not the case, and http is the way to follow,
> and to harden...
You mean like the one that already exists on the quake3 engine based
games? like mohaa which will allow you to download the config files on
servers that dont have downloads disabled (set sv_allowDownload "0"),
whats worse is that mohaa doesn't even use the server-client download
functions of the quake3 engine but the code must still be in there
somewhere as the exploit works
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20100913/6891db8d/attachment-0001.htm>
More information about the cod
mailing list