BugTraq
Back to list
|
Post reply
UPDATE: Format String Vulnerability in Valve's CS-Source
Oct 14 2004 11:27AM
Some One (mc iglo ddclan de)
In-Reply-To: <20041013154826.13068.qmail (at) www.securityfocus (dot) com [email concealed]>
Hi,
i just found out, that u can also use it remotely against the server without any knowledge of the rcon-password!
just do the following:
type 'name "%n"' (without ') to console and wait until you get killed.
The server will be killed, too!
The other hand side, if you kill an other player, the server wont be affected.
>Hi,
>
>if u type '%n' (without ') to in-game-console, your game crashes instantly.
>
>So far, i was not able, to do this remotely with rcon %n e.g., but this does not mean, it is not possible.
>
>Valve also got informed.
>
>
>P.S. i want the old CS-betas back, where you needed skill instead of luck to hit the enemys head
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Hi,
i just found out, that u can also use it remotely against the server without any knowledge of the rcon-password!
just do the following:
type 'name "%n"' (without ') to console and wait until you get killed.
The server will be killed, too!
The other hand side, if you kill an other player, the server wont be affected.
>Hi,
>
>if u type '%n' (without ') to in-game-console, your game crashes instantly.
>
>So far, i was not able, to do this remotely with rcon %n e.g., but this does not mean, it is not possible.
>
>Valve also got informed.
>
>
>P.S. i want the old CS-betas back, where you needed skill instead of luck to hit the enemys head
>
[ reply ]