[ANY] Fake VAC Ban
1 Attachment(s)
FakeVAC by Brrdy
Features: Releases a fake VAC message acting as if the person got banned Commands: fv_kick Usage: fv_kick <player> fv_version Changelog: Quote:
|
Re: Fake VAC Ban
Things wrong:
No version cvar, in fact some may argue that version 0.0.0 isn't a valid version, as that means there was no release, but you are releasing it right now... For some reason you require an include for one print to chat message, which could just use the corresponding \x07 color. You include <cstrike> and dont use it. You include clientprefs and dont use that either. You include sdkhooks for no reason. You shouldn't even need sdktools either... especially including it twice, jesus. YES BY ALL MEANS KICK A CLIENT BY NAME. You should never need to use ServerCommand to fire a SM command. KickClient() would work just fine, and wouldnt fire the "[SM]" logged command. Why does the player have to be alive to target him? |
Re: Fake VAC Ban
Read about SQL injection to learn why passing client names to ServerCommand IS A VERY BAD IDEA!
|
Re: Fake VAC Ban
Quote:
|
Re: Fake VAC Ban
Quote:
Edit: Example of command injection with your plugin: sm_fakevac lol;quit would turn into this: sm_kick lol;quit which in turn turns into these commands(as ; in source is a delimeter to serperate commands in console which is where servercommand executes things): sm_kick lol then it runs quit Quit in a server console shuts the server down. Edit2: Your using an indeterminate loop to do a what for can do(which for is determinate) |
Re: Fake VAC Ban
PHP Code:
PHP Code:
|
Re: Fake VAC Ban
Quote:
|
Re: Fake VAC Ban
Quote:
ServerCommand("sm_kick baddie;rcon_password hi"), setting the server's rcon_password to what ever he wants. |
Re: Fake VAC Ban
1 Attachment(s)
For those wanting a cleaned up version with the exploit fixed, download the following version:
|
Re: Fake VAC Ban
looks like c+p code..
also, shouldn't you use \x07 instead of {red} so it require less dependency for such a simple plugin? |
All times are GMT -4. The time now is 13:44. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.