Page 1 of 1

New Exploit

Posted: Thu Apr 14, 2011 2:12 am
by Xaphan
There is a new exploit or an old one that has never been fixed.
Allows the player to rename a map to a folder,

I do run D-FEN but it is outdated, anyways it logged his actions.

Code: Select all

L 04/13/2011 - 23:09:09: [D-FENS] "<><STEAM_0:1:XXX><IP>" uploaded file "maps/cs_office.bsp\hacked.txt".
At the map change level these are the errors...

Code: Select all

CModelLoader::Map_IsValid: No such map 'maps/cs_office.bsp'
changelevel failed: cs_office not found 
You must first delete the folder and replace the map.
Any protection I can do on a windows server to prevent this?

Re: New Exploit

Posted: Thu Apr 14, 2011 11:12 am
by Kigen
Hmm, I thought Valve patched this.

Can you post a full log in the HLDS mailing list? Or if your trying to keep it private send it to me. I'll see what can be done.

Re: New Exploit

Posted: Thu Apr 14, 2011 2:29 pm
by Xaphan
The log is 198megs, not sure if I need to post all of that.
EDIT: I can upload it if you want it.

This is all that was in the logs... related to the map.

Code: Select all

L 04/13/2011 - 23:09:09: [D-FENS] "<><STEAM_0:1:XXX><IP>" uploaded file "maps/cs_office.bsp\hacked.txt".
CModelLoader::Map_IsValid: No such map 'maps/cs_office.bsp'
changelevel failed: cs_office not found 
Server is updated to the latest as well, so it must be new exploit.
for now I did install a SM extension called ServerSecure.

Re: New Exploit

Posted: Thu Apr 14, 2011 5:31 pm
by nightrider
Thank you for posting the information Xaphan.