Raised This Month: $62 Target: $400
 15% 

[L4D1] Prevent votekick exploit


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine
Old 04-14-2019 , 10:34   [L4D1] Prevent votekick exploit
Reply With Quote #1

Valve has update to L4D2, not backported to L4D1.

Some user can use exploit to force votekick without vote (auto-mark all the checkboxes).

Does someone have this exploit or fix?

Setting a listener to the callvote command with returning Plugin_Stop in a callback does not help.

The black window does not appear (in the usual voting, it is intercepted by my vote plugin via CreateMenu), but the exploit somehow bypasses this restriction and displays such a black window already with marked checkboxes (according to one of the player's explanation).

PHP Code:
public void OnAllPluginsLoaded()
{
    
AddCommandListener(CheckVote"callvote");
}

public 
Action CheckVote(int clientchar[] commandint args)
{
    
char s[MAX_NAME_LENGTH];
    if (
args >= 2) {
        
GetCmdArg(1ssizeof(s));
        if (
StrEqual(s"Kick"false)) {
            
GetCmdArg(2ssizeof(s));
            
int UserId StringToInt(s);
            if (
UserId != 0) {
                
int target GetClientOfUserId(UserId);
                if (
target != && IsClientInGame(target))
                    
StartVoteKickAccessCheck(clienttarget);
            }
            return 
Plugin_Stop;
        }
    }

__________________
Expert of CMD/VBS/VB6. Malware analyst.
Dragokas is offline
MasterMind420
Veteran Member
Join Date: Nov 2010
Old 04-14-2019 , 16:38   Re: [L4D1] Prevent votekick exploit
Reply With Quote #2

hmm im not sure but maybe try monitoring all kicks or disconnects pre....check the reason in player disconnect event. im sure theres a way to fix it.
MasterMind420 is offline
Powerlord
AlliedModders Donor
Join Date: Jun 2008
Location: Seduce Me!
Old 04-14-2019 , 17:10   Re: [L4D1] Prevent votekick exploit
Reply With Quote #3

My understanding is that the exploit is that they're using callvote before their client finished connecting. As such, have you considered doing this instead?

PHP Code:
public Action CheckVote(int clientchar[] commandint args
{
    if (!
IsClientConnected(client))
        return 
Plugin_Stop;

Edit: IsClientInGame might work as well
__________________
Am I back? Well, we'll see.

Last edited by Powerlord; 04-14-2019 at 17:11.
Powerlord is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:16.


Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Theme made by Freecode