dlfile exploit

  scoper said:

 

Probably is known, but is not documented:

 

Vendor: Valve software

Software: hlds, all versions (including steam).

Problem: Information leak, DoS

Author: SYZo[sND]

 

Problem:

 

in server configuration, if allowdownload = 1, it's possible to download

any file from directory of the current game (cstrike was tested) or from

'valve' directory from server. Allowdownload is required to allow

clients to retrieve new maps from server.

 

Impact:

 

It's possible to download configuration files (like server.cfg,

configuration files for different mods, etc) with sensitive information,

including passwords. Additionally, downloading large file (for example

map) causes server to crash.

 

"Exploit":

 

cmd dlfile server.cfg

cmd dlfile addons/amx/users.ini

cmd dlfile addons/amx/mysql.cfg

cmd dlfile maps/de_torn.bsp

 

Workaround:

 

disable downloads.

 

--

http://www.security.nnov.ru

/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A } You

know my name - look up my number (The Beatles)

+-------------o66o--+ /

|/

How 2 download the server.cfg? It always said "server.cfg already exist"

edit: wtf ! Too late! Now its been fixed!

scoper