Raised This Month: $12 Target: $400
 3% 

File upload exploit fix


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 08-19-2009 , 13:24   File upload exploit fix
Reply With Quote #1

v 1.0.0.2
Changes:
* Attempt to prevent crashes by only removing hooks when absolutely necessary
* Update with a workaround for the delete file exploit.

This plugin will prevent the recently discovered file upload exploit from working on your server. Installation is just like a normal SourceMM plugin, except you need to create a "exploits" directory in your mod directory (ex: cstrike/exploits). Any files that are attempted to be uploaded will be placed here.

This will prevent any file writes using valve's standard interface. This will break things such as SourceTV demos, sprays, and possibly some SM plugins. Normal log files will remain working

Source code, and binaries are in the attachment.

Thanks to psychonic for the windows builds.

Donate
Attached Files
File Type: zip exploit_fix.zip (145.3 KB, 1991 views)
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/

Last edited by devicenull; 08-21-2009 at 01:12.
devicenull is offline
MadMakz
SourceMod Donor
Join Date: Oct 2008
Old 08-19-2009 , 15:01   Re: File upload exploit fix
Reply With Quote #2

omg i love you guys! (not gay)
__________________
MadMakz is offline
Atreus
SourceMod Donor
Join Date: Apr 2005
Location: San Diego, CA
Old 08-19-2009 , 16:18   Re: File upload exploit fix
Reply With Quote #3

For those interested:
If you put the file in our addons folder, the VDF contents would look like this:
Code:
"Metamod Plugin"
{
	"alias"		"exploit_fix"
	"file"		"addons/exploit_ob_mm"
}

Last edited by Atreus; 08-19-2009 at 16:26.
Atreus is offline
Send a message via AIM to Atreus Send a message via MSN to Atreus
msleeper
Veteran Member
Join Date: May 2008
Location: Atlanta, Jawjuh
Old 08-19-2009 , 16:49   Re: File upload exploit fix
Reply With Quote #4

Great fix, thanks.
__________________
msleeper is offline
Atreus
SourceMod Donor
Join Date: Apr 2005
Location: San Diego, CA
Old 08-19-2009 , 17:31   Re: File upload exploit fix
Reply With Quote #5

Anyone else getting crashes with this who has SourceBans? it seems to be catching my updated admin files from sourcebans as the exploit and the server crashes
Atreus is offline
Send a message via AIM to Atreus Send a message via MSN to Atreus
msleeper
Veteran Member
Join Date: May 2008
Location: Atlanta, Jawjuh
Old 08-19-2009 , 17:49   Re: File upload exploit fix
Reply With Quote #6

Using Sourcebans here and no crashes.
__________________
msleeper is offline
Kevin_b_er
SourceMod Donor
Join Date: Feb 2009
Old 08-19-2009 , 22:10   Re: File upload exploit fix
Reply With Quote #7

This doesn't work right on windows.

* Blocks creation of sprays.
* Blocks sourcemod from creating files.
* Blocks creation of sourcetv demo recordings. Between these three, the server is much more prone to crashes.
Kevin_b_er is offline
DontWannaName
Veteran Member
Join Date: Jun 2007
Location: VALVe Land, WA
Old 08-19-2009 , 23:16   Re: File upload exploit fix
Reply With Quote #8

Me too it seems, I do enjoy sprays...
__________________

DontWannaName is offline
DontWannaName
Veteran Member
Join Date: Jun 2007
Location: VALVe Land, WA
Old 08-19-2009 , 23:37   Re: File upload exploit fix
Reply With Quote #9

Crash as a result of this?
Attached Files
File Type: mdmp Steam__273447__2009_8_20T3_34_33C2497031.mdmp (153.7 KB, 636 views)
__________________

DontWannaName is offline
psychonic

BAFFLED
Join Date: May 2008
Old 08-19-2009 , 23:49   Re: File upload exploit fix
Reply With Quote #10

Quote:
Originally Posted by Kevin_b_er View Post
This doesn't work right on windows.

* Blocks creation of sprays.
* Blocks sourcemod from creating files.
* Blocks creation of sourcetv demo recordings. Between these three, the server is much more prone to crashes.
He wrote this as a quick temporary plugin to block all writes in hopes that VALVe will fix it sooner than later.
psychonic is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 19:21.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode