New Exploit - hard to explain.

Someone replaced the map name with a folder of the same name and included a txt file.
Checked FTP & RDP logs, nothing shows.

Addons: Wire/ULX/Random shit, only thing that could be remotely viable for this type of exploit would be Wire/ULX

That be all I know :). Anyone got any ideas?

So, what? Does the server try and load the content of the folder or something? You only explained that someone managed to put a folder there, not the symptoms it causes.

Well, srcds just reported map not found.

Unsure if they can exec code as all they put in was asdf

What I’d be more worried about is whether or not they can change the file extension.

I think what Pantho is trying to say is somehow somebody has replaced the map with a folder containing a useless text file, meaning he now has to install the map again - which is surely going to become very tiresome to do over and over.

If the extension can be changed I would too be more worried about that.

im sorry lol

Im sure there is a perfectly reasonable explanation for this. Not trying to be a knob but no doubt it will revolve around the word Roleplay.

This Exploit is really old and its not garrysmod mod, its the engine

That would be a rather old exploit, it’s nice to see it being used again since valve loves to use blacklists instead of whitelists in rather sensitive areas.

http://www.facepunch.com/threads/856379

The engine.dll thing was because of there being an exploit in a specific version of the engine or something.

Just put sv_allowupload to 0 and you’re done.

Already set :confused:

Wasn’t the upload/download exploit fixed though?