UPDATE Jan 15 09 - exploits actively abused

Discussion for Admins of ETPro/BayonET servers.
If you don't run a server, please don't post here...

Moderators: Forum moderators, developers

ReyalP
Posts: 1663
Joined: Fri Jul 25, 2003 11:44 am

Post by ReyalP »

Yes, I mistakenly tested that against a later version, and then my internets died :cry:
send lawyers, guns and money
ReyalP
Posts: 1663
Joined: Fri Jul 25, 2003 11:44 am

Post by ReyalP »

send lawyers, guns and money
Nail
Posts: 425
Joined: Fri Jan 02, 2004 3:47 pm

Post by Nail »

once again, thank you
Improvise, Adapt, Overcome
the_mo
Posts: 2
Joined: Thu May 01, 2008 8:01 am

Post by the_mo »

Does anyone have any closer contact with the clanbase admins? Because the updated lua-module is useless up to date because its ID isn't allowed in any league yet (because they haven't released new configs)
Deus
Posts: 1053
Joined: Fri Mar 12, 2004 2:24 am
Location: Germany

Post by Deus »

clanbase is teh suq anyway (IMO)
some kind of world leader pretend stuff
the_mo
Posts: 2
Joined: Thu May 01, 2008 8:01 am

Post by the_mo »

well.. agree to that. sadly I'm just administering the servers and kinda don't really care which leagues the clan plays :)
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland

Post by Luk4ward »

etpro is not only for league servers, tbh there are more pubs on which even more players are playing, so don't say it's useless. CB as an organization can be so called ;)
wolFTeam.pl
SPU9
Posts: 9
Joined: Thu May 15, 2008 5:55 am

Post by SPU9 »

i am in contact with clanbase and they will hopefully release a new configpack with some fixes within the next 1-2-3 weeks
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland

Post by Luk4ward »

UPDATE August 1 2008
etadmin_mod can be tricked into giving people with certain names admin access. See http://www.snl-clan.com/forum/viewtopic.php?f=9&t=9789 for a workaround.

ty SNL|Lucel|STA
I fixed it via lua in ACpro in the day when it was discovered:

click
wolFTeam.pl
ReyalP
Posts: 1663
Joined: Fri Jul 25, 2003 11:44 am

Post by ReyalP »

New update, see first post.
send lawyers, guns and money
EvilJohn
Posts: 35
Joined: Mon Jun 06, 2005 11:21 pm
Location: Lost in a custom map

Post by EvilJohn »

Many thanks
First is the innovator, then comes the imitators. Lastly the idiots.
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland

Post by Luk4ward »

ReyalP wrote: New update, see first post.
I checked this on the server and it says:

Code:

invalid string bla bla
2nd of all u can vote only on specified votes?
wolFTeam.pl
roissgil
Posts: 4
Joined: Sat Mar 04, 2006 4:01 pm

Post by roissgil »

is there a fix for the ^ at end of name outside of ACPro?
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland

Post by Luk4ward »

roissgil wrote: is there a fix for the ^ at end of name outside of ACPro?
http://www.snl-clan.com/forum/viewtopic.php?f=9&t=9789

Btw can anyone confirm for me that the last update is really necessary? Coz I checked this and ET is already patched for those bugs, am I right?

edited:

I made an updated version of combinedfixes with the name fix if u want. Here u go, a link: http://acpro.wolfteam.pl//file.php?id=11 (haven't tested it yet, but should be working)
Last edited by Luk4ward on Fri Feb 20, 2009 12:19 pm, edited 1 time in total.
wolFTeam.pl
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland

Post by Luk4ward »

I heard that some ET server got hacked because of the vote exploit. So it's working, but with a hacked client. Btw I think I found a little typo in your code Reyalp :):

	if cmd == "callvote" or cmd == "ref" or cmd == "sa" or cmd == "semiadmin" then
		local args=et.ConcatArgs(1)
		-- et.G_LogPrint(string.format("combinedfixes: client %d %s [%s]\n",cno,cmd,args))
		if string.find(args,"[\r\n]") then
			et.G_LogPrint(string.format("combinedfixes: client %d bad %s [%s]\n",cno,cmd,args))
			return 1;
		end
		return 0
	end

There is an additional ; char, which belongs to language C :D and I guess will create an error in lua... I don't know why even if I fix your code it is still not working... So I modified your code a bit:

Code:

function et_ClientCommand(cno,cmd)
	local msg = ""
	local cmd = string.lower(cmd)
	local args = et.ConcatArgs(1)   -- everything after the command name
	local arg1 = et.trap_Argv(1)    -- first argument only

	-- ws: accept only a number from 0 to 21; return 1 drops the command
	if cmd == "ws" then
		local n = tonumber(arg1)
		if not n then
			et.G_LogPrint(string.format("wsfix: client %d bad ws not a number [%s]\n",cno,tostring(arg1)))
			return 1
		end

		if n < 0 or n > 21 then
			et.G_LogPrint(string.format("wsfix: client %d bad ws %d\n",cno,n))
			return 1
		end
		return 0
	end

	-- modified code from Reyalp
	if cmd == "callvote" or cmd == "ref" or cmd == "sa" or cmd == "semiadmin" then
		local _, counts = string.gsub(args, "%s", "")  -- count spaces

		if counts > 1 then
			-- closing quote added so the cpm text is a balanced quoted string
			msg = string.format("cpm  \"Remove additional spaces!\n\"")
			et.trap_SendServerCommand(cno, msg)
			return 1
		end

		-- reject a backslash or a semicolon anywhere in the arguments
		if string.find(args,"%\\") or string.find(args,"%;") then
			msg = string.format("cpm  \"Invalid string!\n\"")
			et.trap_SendServerCommand(cno, msg)
			return 1
		end

		return 0
	end

	return 0
end

This will catch any character \ and any additional spaces in the callvote parameter. For those who want to use combinedfixes.lua modified by me I gave a link above. And for those who run ACpro I made a quick fix too (same source wolfteam.pl). New ACpro is still under construction.
Last edited by Luk4ward on Fri Feb 20, 2009 12:05 pm, edited 2 times in total.
wolFTeam.pl
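
Added example, not code from this thread or from the combinedfixes/ACpro modules: one way to combine the newline check from ReyalP's snippet with the backslash, semicolon and extra-space checks from the modified version, and to escape control characters before the rejected argument is written to the log. The names GUARDED, check_command, printable and the "cmdfilter" log prefix are assumptions of this example; the sample inputs are constructed.

```lua
-- Added example, not code from this thread. check_command() is a pure function
-- so it can be exercised offline; GUARDED, check_command and printable are
-- names assumed by this example.
local GUARDED = { callvote = true, ref = true, sa = true, semiadmin = true }

-- Returns nil if the command may pass, otherwise a short reason string.
local function check_command(cmd, args)
  if not GUARDED[string.lower(cmd)] then return nil end
  -- Newline check from ReyalP's snippet; it must run before the %s count,
  -- because %s also matches \r and \n.
  if string.find(args, "[\r\n]") then return "newline" end
  -- Backslash and semicolon check from the modified version.
  if string.find(args, "[\\;]") then return "backslash-or-semicolon" end
  local _, spaces = string.gsub(args, "%s", "")
  if spaces > 1 then return "extra-spaces" end
  return nil
end

-- Escape control characters so a rejected argument cannot add lines to the log.
local function printable(s)
  return (string.gsub(s, "%c", function(c)
    return string.format("\\x%02x", string.byte(c))
  end))
end

-- ETPro callback: returning 1 drops the command, 0 lets it through.
function et_ClientCommand(cno, cmd)
  local args = et.ConcatArgs(1)
  local reason = check_command(cmd, args)
  if reason then
    et.G_LogPrint(string.format("cmdfilter: client %d bad %s (%s) [%s]\n",
      cno, string.lower(cmd), reason, printable(args)))
    return 1
  end
  return 0
end

-- Offline harness with constructed inputs; skipped when the game supplies `et`.
if not et then
  local samples = {
    { "callvote", "map oasis" },
    { "callvote", "map oasis\nPLACEHOLDER" },
    { "ref", "kick\\3" },
    { "callvote", "map  oasis  now" },
    { "say", "a; b  c  d" },
  }
  for _, s in ipairs(samples) do
    print(string.format("%-9s [%s] -> %s", s[1], printable(s[2]),
      check_command(s[1], s[2]) or "pass"))
  end
end
```

Run with a stand-alone Lua interpreter, the harness reports pass, newline, backslash-or-semicolon, extra-spaces and pass for the five samples, in that order.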