SRCDS Steam group


SRCDS - Exploit Action
#1
I was wondering if the exploit for the Orange Engine based games has been fixed where users were able to upload/download specific files to the game server.

If this has not been fixed is there any way to prevent it without any third-party modifications ie(sourcemod, mani admin, etc). Also if it has not been fixed what has SRCDS done to help prevent it? I understand something like this may take time to fix, but it is a great concern when they may have the ability to take over a server box with this exploit.

Thank you,

- Travis
Reply
#2
Are you talking about

Code:
"sv_scriptenforcer"                "1"
Reply
#3
sv_allowupload 0

Also I think it was fixed when porting it to OrangeBox from the previous engine.
Reply
#4
I see. Does anyone else know if they did fix the issue when they moved to Orange Box Engine?

Just to bring you upto speed, the exploit was an ability to convince the server to allow you to download/upload files to the gameserver. sv_allowupload never had any effect on it, but again the exploit would allow you to take over the server and do from there whatever you wanted. I've yet to get a confirmation back from Valve, but I hope they will be able to confirm something on this issue.
Reply
#5
yes it has been fixed. It was fixed when they changed engines.. AND sv_allowupload 0 stopped it completely
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)