
fullupdate Blocker (fixes an exploit)


Plugin Info: Modification: ALL | Category: Event Related | Approver: devicenull (200)
jtp10181
Veteran Member
Join Date: May 2004
Location: Madison, WI
07-31-2004, 22:07   fullupdate Blocker (fixes an exploit)
#1

I just found this out recently..... if you use the client command "fullupdate" it will force a HUD reset on your end. The problem with this for plugins is that MANY use this event to tell when a user has a new spawn at the start of a round like so...

Code:
register_event("ResetHUD","newSpawn","b")
This event is in fact called when using this "fullupdate" command. It can be used to reset tons of settings in most plugins because this is where they initialize variables for the round.

I made a simple plugin that blocks this command from resetting the HUD. I have not found any valid use for this command so blocking it should be safe.

Plugin now logs attempts to "fullupdate.log" in the logs dir.

Just load this plugin before any plugin you want it to affect.
Attached Files: fullupdate_blocker.sma (3324 views, 805 Bytes)
Last edited by jtp10181; 07-15-2006 at 01:13.
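
The blocking and logging described in the post above, written as an AMX Mod X plugin. This is an added example, not the attached fullupdate_blocker.sma; the handler name, the log line format and the per-player logging cooldown are assumptions.

```pawn
// Added example, not the attached fullupdate_blocker.sma.
// As the post says, list it in plugins.ini before the plugins it should protect.
#include <amxmodx>

#define LOG_FILE      "fullupdate.log"  // file name taken from the post
#define LOG_COOLDOWN  5.0               // assumption: seconds between log lines per player

new Float:g_lastLogged[33]              // indexed by player id (1..32)

public plugin_init()
{
    register_plugin("fullupdate guard (example)", "1.0", "example")
    // Catch the client command before it is passed on.
    register_clcmd("fullupdate", "cmd_fullupdate")
}

public client_connect(id)
{
    // A slot can be reused by a new player, so clear the previous timestamp.
    g_lastLogged[id] = 0.0
}

public cmd_fullupdate(id)
{
    new Float:now = get_gametime()

    // Rate-limit the logging so a client repeating the command cannot flood the log.
    if (g_lastLogged[id] == 0.0 || now - g_lastLogged[id] >= LOG_COOLDOWN)
    {
        new name[32], authid[32], ip[32]
        get_user_name(id, name, 31)
        get_user_authid(id, authid, 31)
        get_user_ip(id, ip, 31, 1)      // 1 = without port
        log_to_file(LOG_FILE, "Blocked fullupdate from ^"%s^" <%s> <%s>", name, authid, ip)
        g_lastLogged[id] = now
    }

    // PLUGIN_HANDLED stops the command here, so the forced HUD reset
    // (and the ResetHUD event other plugins listen for) never happens.
    return PLUGIN_HANDLED
}
```

Every attempt is blocked; only the log write is throttled.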
Neo-Vortex
Senior Member
Join Date: Jun 2004
Location: Australia
07-31-2004, 22:30
#2

hmmm, i should test this out on a couple of fun-servers... (using fullupdate to screw with it)... see if it really has much effect...
QwertyAccess
Veteran Member
Join Date: Feb 2004
Location: Enjiru Layer
08-01-2004, 01:17
#3

jtp, it would be best if you didn't show others how.... anyway my server is protected so I don't care, I've protected it a loooong time ago. There's also another way to make it like you resethud
jtp10181
Veteran Member
Join Date: May 2004
Location: Madison, WI
08-01-2004, 02:06
#4

I figured it's better to announce the problem and fix it than pretend it's not there and hope people don't use it.....
QwertyAccess
Veteran Member
Join Date: Feb 2004
Location: Enjiru Layer
08-01-2004, 02:34
#5

I'd just upload the .amx version if I were you,
jtp10181
Veteran Member
Join Date: May 2004
Location: Madison, WI
08-01-2004, 09:27
#6

All plugins must be Open Source as part of the license I believe.....
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
08-01-2004, 14:18
#7

Quote:
Originally Posted by QwertyAccess
jtp, it would be best if you didn't show others how.... anyway my server is protected so I don't care, I've protected it a loooong time ago. There's also another way to make it like you resethud
There's lots of problems with the full* commands... so this is nothing new
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
AllMassive
Senior Member
Join Date: Sep 2004
Location: /dev/urandom
04-17-2005, 19:38
#8

Heya - are there still issues with those fullupdate-cmds?

Should I install that plugin to avoid "bad behavior" of my server?!
jtp10181
Veteran Member
Join Date: May 2004
Location: Madison, WI
04-19-2005, 19:35
#9

Quote:
Originally Posted by AllMassive
Heya - are there still issues with those fullupdate-cmds?

Should I install that plugin to avoid "bad behavior" of my server?!

It will always be a problem, as long as plugin authors continue to use bad style for coding and use a hudreset as a way to detect a new round.
PyRo
Member
Join Date: Mar 2005
04-19-2005, 21:36
#10

Thanks for this, I tried fullupdate on my server and found out it's abusable so this will be going on my server

All times are GMT -4.