
myg0tDerKaiser

myg0t
  • Joined

Everything posted by myg0tDerKaiser

  1. myg0tDerKaiser posted a post in a topic in Steam Powered Games
    Utilize Google
  2. Get your glasses on, wav is shown on the pic
  3. oh my goodness
  4. http://i34.tinypic.com/28bwap4.jpg
  5. myg0tDerKaiser posted a post in a topic in Steam Powered Games
    There is no way to reverse a VAC ban
  6. http://www.enhancedaim.com has the only functional anti-mute feature for the Orange Box Engine (TF2, DoD:S and soon CS:S)
  7. #######################################################################

                                  Luigi Auriemma

     Application:  WebMod
                   http://www.djeyl.net/w.php
     Versions:     <= 0.48
     Platforms:    Windows and Linux
     Bugs:         A] directory traversal
                   B] Cookie buffer-overflow
                   C] parser.cpp arbitrary memory writing
                   D] scripts source disclosure
     Exploitation: remote
     Date:         03 May 2008
     Author:       Luigi Auriemma
                   e-mail: aluigi@autistici.org
                   web:    aluigi.org

     #######################################################################

     1) Introduction
     2) Bugs
     3) The Code
     4) Fix

     #######################################################################

     ===============
     1) Introduction
     ===============

     WebMod is an open source MetaMod plugin which acts as a web server for
     Half-Life running on the equivalent TCP port of the UDP one used by the
     game.

     #######################################################################

     =======
     2) Bugs
     =======

     ----------------------
     A] directory traversal
     ----------------------

     WebMod uses an anti-directory traversal check which searches for any
     "../" pattern in the HTTP request of the client. So it's enough to use a
     "..\" pattern to bypass the check and be able to download any file from
     the disk where Half-Life is running, including the configuration files of
     the game server (like ..\..\..\..\platform\config\server.vdf or
     ..\..\..\server.cfg).
     Note that this bug works only on Windows servers.

     From server.cpp:

         void clientHandle(int connfd, httpquery_t *query, int tid)
         ...
             if(strstr(str,"../")) // hack attempt, display index page
             {
                 str[0]='\0';
             }

     -------------------------
     B] Cookie buffer-overflow
     -------------------------

     A cookie parameter longer than MYSOCK_BUFLEN (8192) bytes leads to a
     stack based buffer-overflow.

     From server.cpp:

         void connectHandle(void *data)
         {
             char *input;
             char buf[MYSOCK_BUFLEN+1];
         ...
             for(j=0;input[i]&&input[i]!=';'&&input[i]!='\n';j++,i++) buf[j]=input[i];

     --------------------------------------
     C] parser.cpp arbitrary memory writing
     --------------------------------------

     The functions in parser.cpp are affected by some memory corruption
     vulnerabilities with different effects depending on the type of
     variable/script used.
     In short a value longer than MAX_FILE_SIZE (16384) bytes can lead to the
     writing of custom data in a custom memory address through strcat
     (auth.w?mode) or a NULL pointer (auth.w?redir) or an invalid memory
     access (the rconpass parameter of auth.w) and so on.

     ----------------------------
     D] scripts source disclosure
     ----------------------------

     Adding a dot at the end of the requested URI allows the viewing of the
     script source code instead of executing it.
     This bug (which should work only on FAT/NTFS filesystems) can be
     considered a security vulnerability ONLY if the server runs custom
     scripts.

     #######################################################################

     ===========
     3) The Code
     ===========

     http://aluigi.org/poc/webmodz.zip

         nc SERVER PORT -v -v < webmodz1.txt
         nc SERVER PORT -v -v < webmodz2.txt
         nc SERVER PORT -v -v < webmodz3.txt
         nc SERVER PORT -v -v < webmodz4.txt

     #######################################################################

     ======
     4) Fix
     ======

     No fix

     #######################################################################
  8. Please adjust the background of the rage collage to the forum color standard next time
  9. myg0tDerKaiser posted a post in a topic in General Discussion
    He Od'ed
  10. myg0tDerKaiser posted a post in a topic in Steam Powered Games
    Both of you just received an infraction
  11. +Infraction for Advertisement
  12. I have always liked Operation Flashpoint, had countless hours of fun with it
  13. myg0tDerKaiser posted a post in a topic in General Discussion
    Thread closed
  14. Get your rcon hack for sv_cheats 1 servers here http://forums.myg0t.com/showthread.php?t=46886
  15. Obvious troll, thread closed.
  16. myg0tDerKaiser posted a post in a topic in Europe's Europe Topics
    Hey people we need more pics of Europe, leave links to images here so I can upload them
  17. myg0tDerKaiser posted a post in a topic in General Discussion
    You are violating Rule No. 7, as a result you receive an infraction.
  18. myg0tDerKaiser posted a post in a topic in Flames
    Dear Captian, Flaming in the flame section is allowed, therefore infractions are not valid -Kaiser
  19. Can you enlarge the first collage please?
  20. myg0tDerKaiser posted a post in a topic in General Discussion
    Your post was clearly trying to provoke a flame war. Please stick flames to the flame section.
  21. The only reason you would release something to the public is to get it patched
  22. Wrong forum please post in appropriate forum section next time
  23. myg0tDerKaiser posted a post in a topic in General Discussion
    Wrong forum please post in appropriate forum section next time
  24. myg0tDerKaiser posted a post in a topic in Other Games
    Keep up the good work. Please adjust the background of your rage collage to the forum color standard next time.