Hunting for exploits

Hello,

It has recently come to my attention that the server I develop for has a few exploits available.
I’d like to know what are possible security holes for running server-side code that I should look out for. I am aware of ‘RunString’ and ‘RunStringEx’, but is there more?

Any help is much appreciated

Post server ip and I’m sure some lovely facepunchers would be more than happy to come find them for you.

Net messages are usually badly coded

Dammit, Kevlon.

Ninja’d, but yes. Be careful with the net library.

can someone give an example how the net library would be a plausible exploit?

Basically trusting the client.

Example:



myCoins = 0;
net.Start("send_coins_to_server")
     net.WriteInt(myCoins, 32)
net.SendToServer()


How this can be exploited:



myCoins = 0;
net.Start("send_coins_to_server")
     net.WriteInt(99999, 32)
net.SendToServer()


Basically double check everything serverside, or handle it mostly serverside

I probably explained this terribly, sorry, someone correct me if I did

  1. Never trust your client. 2. Always check their inputs.

Examples on exploits: http://forum.facepunch.com/showthread.php?t=1369365
Some are “harmless” as in darkrp money. Others allow clients to run lua on the server.

-Snip ninjaed-

Thanks a lot for the help, I’ll check through the usage of the net functions and read up on the Exploit Fix Guide.