Actually the parsing involves the operating system and how the os rendering occurs is dependent upon software, or hardware rendering. Which is universal. If you know OSI layer, then you know once it is transported, and in the server cache (memory) it is already executing.
On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <mumphs...@gmail.com> wrote: > Just because you can upload a file doesn't mean the server will parse it > in a way that would compromise it. That's not how it works. There's a > reason why most of your examples are around exploiting php applications. > > On Oct 10, 2017 9:20 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote: > >> Another set of examples.... >> >> https://securelist.com/png-embedded-malicious-payload-hidden >> -in-a-png-file/74297/ >> >> https://phocean.net/2013/09/29/file-upload-vulnerabilities- >> appending-php-code-to-an-image.html >> >> http://www.hackingarticles.in/5-ways-file-upload-vulnerabili >> ty-exploitation/ >> >> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection >> >> Really good book on image file injections... >> >> https://books.google.com/books?id=lG_XdxA5LRUC&pg=PA21&lpg= >> PA21&dq=image+file+injection+compromsing+server&source=bl& >> ots=E_qdLyJY3C&sig=8BSYFi3AukgoccEcujtnrdeoR4Y&hl=en&sa=X& >> ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage& >> q=image%20file%20injection%20compromsing%20server&f=false >> >> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >> wrote: >> >>> Do you have a POC? >>> >>> >>> * From: * Stealth Mode <stealthmode1...@gmail.com> >>> * To: * <csgo_servers@list.valvesoftware.com> >>> * Sent: * 10/10/2017 12:44 AM >>> * Subject: * Re: [Csgo_servers] Custom files exploit >>> >>> Yes, IT skills. Electronics skills. And old school knowledge of how to >>> inject image files with malicious code (NetSec/ITSec). This is an older >>> style of "hacking". Remember those warnings about clicking download >>> attachments from the 90s onward? Same thing still applies. Except, there is >>> no detection for any hlds/go server, so an injected image can contaminate a >>> server cache. Which in turn will infect clients. Any image file, any data >>> file really, can be modified like this. Willing to bet good money those >>> $500. go weapon skins have hack code scripted and injected into the image. >>> >>> >>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote: >>> >>> Sure, >>> >>> But you have anything to back this up? (don't take it the wrong way) >>> >>> Nilo. >>> >>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>: >>> >>> Headsup admins/owners. Might want to disable custom files till valve >>> addresses this issue brought to their attention a month ago. >>> There is an exploit where any client with minor skill can inject custom >>> files with all types of malicious code. From hacks in weapon skins, to >>> ransomware in custom .bsp, to remote backdoors in custom spray paints. >>> >>> The exploit is injecting code into any image, sound, or data file. You >>> can take weapon skins (csgo), sound files, spray paint image files, even >>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or >>> Trojans/rootkits directly into a server cache, or client cache via the >>> custom file. >>> >>> Might want to disable custom files till valve decides to correct this >>> issue. >>> >>> -StealthMode >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> Csgo_servers@list.valvesoftware.com >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
