> It would require another malicious script to parse the exif tag and eval some > PHP.
It would require another, poorly written script that handles the data in a poor and unsafe way. ftfy ;) He also - on multiple occasions - reminded us that this is a „old style of hacking“ and indeed, if you learned programming seriously in the last decade you should know that you don’t trust untrusted data, ever. By his logic a .txt is completely unsecure (given that you eval() it in your shitty PHP code). Am 10.10.2017 um 16:19 schrieb Alan Love <mumphs...@gmail.com>: > Did you read how that's actually exploited? It would require another > malicious script to parse the exif tag and eval some PHP. How exactly would a > similar situation occur on a hosted game server? Do you have a poc? You say > this email chain is one but I dont think you quite know what you're talking > about. > > On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote: > This email is fine for a POC. Far as the exploit, for those who arent > familiar, this is an example. > > https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/ > > On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote: > Do you have a POC? > > > From: Stealth Mode <stealthmode1...@gmail.com> > To: <csgo_servers@list.valvesoftware.com> > Sent: 10/10/2017 12:44 AM > Subject: Re: [Csgo_servers] Custom files exploit > > Yes, IT skills. Electronics skills. And old school knowledge of how to inject > image files with malicious code (NetSec/ITSec). This is an older style of > "hacking". Remember those warnings about clicking download attachments from > the 90s onward? Same thing still applies. Except, there is no detection for > any hlds/go server, so an injected image can contaminate a server cache. > Which in turn will infect clients. Any image file, any data file really, can > be modified like this. Willing to bet good money those $500. go weapon skins > have hack code scripted and injected into the image. > > > On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote: > Sure, > > But you have anything to back this up? (don't take it the wrong way) > > Nilo. > > 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>: > Headsup admins/owners. Might want to disable custom files till valve > addresses this issue brought to their attention a month ago. > There is an exploit where any client with minor skill can inject custom files > with all types of malicious code. From hacks in weapon skins, to ransomware > in custom .bsp, to remote backdoors in custom spray paints. > > The exploit is injecting code into any image, sound, or data file. You can > take weapon skins (csgo), sound files, spray paint image files, even > .bsp/etc. and inject hack code, or actual ransomware, viruses, or > Trojans/rootkits directly into a server cache, or client cache via the custom > file. > > Might want to disable custom files till valve decides to correct this issue. > > -StealthMode > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers