[cod] Cfg download hacking
James Landi
jim at landi.net
Tue Sep 14 12:52:27 EDT 2010
Security bulletin by Loigi (scroll down to issue 2)
http://www.securityfocus.com/archive/1/archive/1/433349/100/0/threaded
More quake based exploits here
http://aluigi.altervista.org/search.php?src=quake
Jim Landi
Rudedog
FPSadmin.com
Microsoft MVP, Games for Windows | Twitter@ therealrudedog
On 9/14/10 12:25 PM, Morpheus wrote:
> We're talking about the built-in download system, not the http
> redirect one, which you can control with symlinks and htaccess
> features. It's about a security hole that virtually exists in all
> q3-based games (at least for the net code).
>
> Le 14/09/2010 18:21, Mavrick a écrit :
>> Anyone tried symbolic links?
>>
>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>> The only one solution: set sv_allowDownload "0"
>>>
>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco Padovan
>>> <evolutioncrazy at gmail.com <mailto:evolutioncrazy at gmail.com>> wrote:
>>>
>>> We are having major hack attempts that consist in people
>>> downloading the cfg files.... currently we had to use random
>>> file names...
>>>
>>> is there any solid work around?
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org <mailto:cod at icculus.org>
>>> http://icculus.org/mailman/listinfo/cod
>>>
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
More information about the cod
mailing list