UPDATE Jan 15 09 - exploits actively abused

[ReyalP]

Yes, I mistakenly tested that against a later version, and then my internets died

[ReyalP]

fixed: combinedfixes.lua

[Nail]

once again, thank you

[the_mo]

does anyone have any closer contact with the clanbase admins? because the updated lua-module is useless uptodate because its ID isnt allowed in any league yet (because they havent released new configs)

[Deus]

clanbase is teh suq anyway (IMO)
some kind of world leader pretend stuff

[the_mo]

well.. agree to that. sadly im just administering the servers and kinda dont really care, which leagues the clan plays

[Luk4ward]

etpro is not only for leagues servers, tbh there are more pub on which even more players are playing, so dnt say its useless. CB as an organization can be so called

[SPU9]

i am in contact with clanbase and they will hopefully release a new configpack with some fixes within the next 1-2-3 weeks

[Luk4ward]

UPDATE August 1 2008
etadmin_mod can be tricked into giving people with certain names admin access. See http://www.snl-clan.com/forum/viewtopic.php?f=9&t=9789 for a workaround.

ty SNL|Lucel|STA

I fixed it via lua in ACpro in the day when it was discovered:

click

[ReyalP]

New update, see first post.

[EvilJohn]

Many thanks

[Luk4ward]

New update, see first post.

I checked this on the server and it says:

Code: Select all

invalid string bla bla

2nd of all u can vote only on specified votes?

[roissgil]

is there a fix for the ^ at end of name outside of ACPro?

[Luk4ward]

is there a fix for the ^ at end of name outside of ACPro?

http://www.snl-clan.com/forum/viewtopic.php?f=9&t=9789

Btw can anyone confirm me that the last update is really necessarry? Coz i checked this and ET is already patched for those bugs, am i right?

edited:

I made updated version of combinedfixes with name fix if u want. Here u go a link: http://acpro.wolfteam.pl//file.php?id=11 (haven't tested it yet, but should be working)

[Luk4ward]

I heard that some ET server got hacked because of the vote exploit. So its working, but with hacked client. Btw i think i found a little typo in your code Reyalp :

if cmd == "callvote" or cmd == "ref" or cmd == "sa" or cmd == "semiadmin" then
local args=et.ConcatArgs(1)
-- et.G_LogPrint(string.format("combinedfixes: client %d %s [%s]\n",cno,cmd,args))
if string.find(args,"[\r\n]") then
et.G_LogPrint(string.format("combinedfixes: client %d bad %s [%s]\n",cno,cmd,args))
return 1;
end
return 0
end

There is additional ; char, which belongs to language C an i guess will create an error in lua...I dnt know why even if i fix your code it is still not working...So i modified your code a bit:

Code: Select all

function et_ClientCommand(cno,cmd)

local msg = ""
local cmd = string.lower(cmd)
local args = et.ConcatArgs(1)
local arg1 = et.trap_Argv(1)
	
	if cmd == "ws" then
	   local n = tonumber(arg1)
		if not n then
			et.G_LogPrint(string.format("wsfix: client %d bad ws not a number [%s]\n",cno,tostring(arg1)))
			return 1
		end

		if n < 0 or n > 21 then
			et.G_LogPrint&#40;string.format&#40;"wsfix&#58; client %d bad ws %d\n",cno,n&#41;&#41;
			return 1
		end
		return 0
	end

-- modified code from Reyalp
 if cmd == "callvote" or cmd == "ref" or cmd == "sa" or cmd == "semiadmin" then
    local _, counts = string.gsub &#40;args, "%s", ""&#41;  -- count spaces
    
    if counts > 1 then
       msg = string.format&#40;"cpm  \"Remove additional spaces!\n"&#41;
       et.trap_SendServerCommand&#40;cno, msg&#41;
       return 1
    end
    
     if string.find&#40;args,"%\\"&#41; or string.find&#40;args,"%;"&#41; then
       msg = string.format&#40;"cpm  \"Invalid string!\n"&#41;
       et.trap_SendServerCommand&#40;cno, msg&#41;
       return 1
     end
     
  return 0
  end
  
  return 0
end

This will catch any character \ and any additional spaces in callvote parametr. For those who wants to use combinedfixes.lua modified by me I gave a link above. And for those who runs ACpro i made a quick fix too (same source wolfteam.pl). New ACpro is still under construction.