[quake3] File download exploit

Thilo Schulz arny at ats.s.bawue.de
Tue Feb 12 09:37:56 EST 2008


On Tuesday, 12 February 2008, James Munro wrote:
> http://rafb.net/p/XmBZ6E34.html
>
> The code will allow you to download any file from the server. As standard,
> the Q3 server file download function does not check which directory the
> user is downloading from, and so this code can be used to download the
> server.cfg which may contain the rcon password, so it is clear why this
> is a problem!

This looks like an exploit for a bug that Ludwig Nussel and I found some 
time ago already. Please look at my advisory for more information:

http://seclists.org/fulldisclosure/2006/May/0225.html

-- 
Thilo Schulz