AlliedModders - Security Exploit in UAIO Binary

AlliedModders (https://forums.alliedmods.net/index.php)

- News (https://forums.alliedmods.net/forumdisplay.php?f=16)

- - Security Exploit in UAIO Binary (https://forums.alliedmods.net/showthread.php?t=66326)

Re: Security Exploit in UAIO Binary

hey Bail, I sent you an email on this as well.

STEAM_0:1:20031 is an innocent bystander, he is one of my trusted admins and NOT a part of this nefarious scheme. I believe his ID was included as he was in the logs I sent in because my server was attacked using this exploit, . the intruder was trying to BAN this ID, mostly I believe due to the fact that he was the only other admin present while he was using his hijacked credentials.. please exonerate this individual as he is not guilty.

Thanks

sly

Re: Security Exploit in UAIO Binary

Gotcha...sorry for the confusion. The logins were one right after another, so we thought they ran in tandem.

Re: Security Exploit in UAIO Binary

wow, well i dont really use uaio anymore so im safe :P

Re: Security Exploit in UAIO Binary

heh....i was looking for some of those old, exploited UAIOs and I actually found one...that one was all the way back from August, 2006 and the version was 1.51 ( same as the current one....errrrg )...i would post a link to the site where I found it, but I fear admin rage

Quote:

// uaio_admin.sma Version 1.51 Date: AUG/01/2006

Re: Security Exploit in UAIO Binary

I can't believe it! that means this exploit has been circling for a while...and it was blood? I can't believe this. he is a good coder too... this is sad. gj guys on the find. ill +rep you all later. I'm on my pda.

Re: Security Exploit in UAIO Binary

Wow, hard stuff :shock:

Re: Security Exploit in UAIO Binary

Quote:

Originally Posted by hoboman (Post 579438)

i would post a link to the site where I found it, but I fear admin rage

I would then suggest PMing it to either Roach, Bail, or sawce. But, make sure that the subject line is detailed enough so that they know what it is before they delete it.

It is amazing what people will do to other servers. I always recompile the source code that I get from anywheres, of course, it is normally only from here anyways.

Re: Security Exploit in UAIO Binary

Good catch guys.

Quote:

BAD: You have an exploited copy of UAIO. Download new copies of all UAIO .amxx files. You should post in the forum news thread that you encountered this incident.

I only download my plugins from here !!! I don't think I got this from anywhere else.

This is really sad. All he had to do, imo, was ask me for admin on my servers and I prolly would have said sure.

Code:

////////////////////////////////////////////////////////////////////////////////////////////

//   uaio_admin.sma                    Version 1.51                       Date: AUG/01/2006

//

//   RS UAIO (Ultimate All-In-One) Admin Menu System (Multilingual)

//   File: UAIO Admin - Main Source File

//

//   Created By:    Rob Secord, B.Sc.

//   Alias: xeroblood (aka; Achilles; sufferer)

//   Email: [email protected]

//

//   Updated By:    Dan Weeks

//   Alias: $uicid3

//   Email: [email protected]

//

//   Developed using:  AMXX 1.50, 1.55, 1.60, 1.65, 1.70, 1.75

//   Modules:          Fun

//                     Engine

//                     CStrike

//

//   Tested On:        CS 1.6 (STEAM)

//                     Linux HLDS

//                     Windows HLDS/ListenServer

//

//   Current Internal Command Count: 81

//

////////////////////////////////////////////////////////////////////////////////////////////

Re: Security Exploit in UAIO Binary

Although this is kinda in the jerk category. I can't really blame him for doing that. He made I believe the most popular amxx plugin. I would have been tempted to do the same thing.

Re: Security Exploit in UAIO Binary

Wow, Good Job once again. Kinda crazy tho. Diddnt expect that from that particular individual, but then again its a community on the intranet and Not in person, so you can't get punched in the face.
Good thing Xanimos runs it now.