Old-new client-side DoS exploit [CS v1.6]

Seikk. · **Author**

Hi all!
I apologize in advance for their knowledge of the English language.

Since Alfred sees no need to fix it, then said:

Many remember the vulnerability with labels when required to write a couple of labels and all the players have read the message, crash (> 192 characters at the inlet). Functioning, it is actually using AMXX, but the bug is in the game client.

So, the bug can be reproduced without the help AMXX (no, I do not mean "rcon say" chat-channel) - in HLTV spectators chat-channel. That's right, you can check:
1. Connect HLTV server with CVar chatmode '1' (So far, the only protection to the value '0');
2. Write in the chat "#CStrike_GIGN_Label #CStrike_GIGN_Label" (as an example, a lot of options);
3. Done! Any major broadcast, with dozens of spectators and commentator cut short!

Bug urgent need to correct! Or maybe not? In any case, Alfred silent second week...
Each will make conclusions for themselves.

Thanks.

simanovich · 02-24-2016 , 00:40 Re: Old-new client-side DoS exploit [CS v1.6]

This was fixed almost 3 years ago.

Seikk. · 02-24-2016 , 01:49 Re: Old-new client-side DoS exploit [CS v1.6]

Quote:

Originally Posted by simanovich

This was fixed almost 3 years ago.

True? I use the Steam beta client and beta hltv server downloaded from SteamCMD (6153 build, v1.1.2.7).

simanovich · 02-24-2016 , 06:44 Re: Old-new client-side DoS exploit [CS v1.6]

Quote:

Originally Posted by Seikk.

True? I use the Steam beta client and beta hltv server downloaded from SteamCMD (6153 build, v1.1.2.7).

The last time I checked, which is about 1 year ago, it doesn't do anything a just show me "#CStrike_GIGN_Label" in the chat. Used updated client & server with beta, no metamod or amxmodx

Seikk. · 02-24-2016 , 10:04 Re: Old-new client-side DoS exploit [CS v1.6]

Quote:

Originally Posted by simanovich

The last time I checked, which is about 1 year ago, it doesn't do anything a just show me "#CStrike_GIGN_Label" in the chat. Used updated client & server with beta, no metamod or amxmodx

Without metamod/amxmodx bug works in server 'say' cmd (or client 'rcon say' cmd) chat-channels on game server and client 'say' cmd on hltv server. Try it.

safetymoose · 02-24-2016 , 15:41 Re: Old-new client-side DoS exploit [CS v1.6]

https://forums.alliedmods.net/showpo...7&postcount=28

Seikk. · 02-24-2016 , 16:05 Re: Old-new client-side DoS exploit [CS v1.6]

Quote:

Originally Posted by safetymoose

https://forums.alliedmods.net/showpo...7&postcount=28

And how you offer to install the mm-plugin on HLTV server? Btw, long since a new 2.4 version was released.

addons_zz · 02-25-2016 , 02:44 Re: Old-new client-side DoS exploit [CS v1.6]

A server hosted by the site hltv.org? You cannot install plugins? Lets they deal with it.

Seikk. · 02-25-2016 , 13:48 Re: Old-new client-side DoS exploit [CS v1.6]

Quote:

Originally Posted by addons_zz

A server hosted by the site hltv.org?

Quote:

Originally Posted by Seikk.

beta hltv server downloaded from SteamCMD (6153 build, v1.1.2.7)

Perhaps you misunderstood me. Why we are talking about hosting? HLTV, in my context, is a SOFTWARE, not a HARDWARE. Re-read the first post I write bad English.

Yea, bug with labels in chat works on HLTV server between spectators. How to deal with it, if on HLTV is impossible to install MetaMod? The only protection - chat close (CVar chatmode '0').

addons_zz · 02-25-2016 , 15:57 Re: Old-new client-side DoS exploit [CS v1.6]

HLDS is the server, HLTV is a client which connect to HLDS server and "HLTV Server" means a HLDS server hosted by hltv.org

Beyond it I do not what does you mean by "HLTV Server".