www.Hacking-Romania.com
Hacking, gaby hacker team, programe hack, radmin hack, hi5 hack, hack the west, hacking romania, hacking stuff, hacking tools, 1 hack, 1st hacks, 2 hack, 2 hacks, 3 hack, 3 hacks, 3000 hack, 3004 hack, 4 hack, 4 hacks, 55 hack, 6 hack, 6 hacks, 7 hack, 7 hacks, 9 hack, 9dragons hack, a hack, adventure quest hack, aim hack, alz hack, and hacks, best hack, blue hack, bots hack, bots hacks, buy hack, cabal online hack, chaos hacks, cheat engine hack, cheat hack, cheats and hacks, cheats hacks, city hack, club hack, combo hack, conquer hacks, conquer online hack, conquer online hacks, conquer speed hack, conquiztador hack, counter strike 1.6 hack, damage hack, de hack, download hack, download hack for, dragonfable hack, dragonfable hacks, drakkarious hack, exp hack, flyff hack, free hack, free hacks, game hack, game hacks, garena exp hack, gladiatus hack, gm hack, gold hack, gunz hack, hack, hack 5, hack a pc, hack a site, hack a website, hack blog, hack conquer, hack counter strike, hack crack, hack cs, hack cs 1.6, hack dvd, hack email, hack forum, hack hunter, hack id, hack info, hack it, hack mess, hack muonline, hack net, hack password, hack passwords, hack pc, hack pdf, hack programs, hack site, hack sites, hack soft, hack software, hack team, hack the game, hack this, hack website, hack windows xp, hack world, hack xp, hacked, hacking, hacking game, hacking programs, hacking software, hacking tutorials, hacks, how hack, how to hack, icon hack, last chaos hack, last chaos hacks, life hack, lineage 2 hack, lineage 2 hacks, linux hack, lvl hack, maplestory hacks, mobile hack, multi hack 3.0, mybrute hack, naruto arena hack, naruto arena hacks, one hit kill hack, online hacks, perfect world hacks, pool hack, programe hack, resolution hack, resource hack, roll hack, royal hack, silkroad hack, source hack, speed hack, speed hacks, super hack, the west hack, warrock hack, warrock hacks, web hack, xpango hack, lockerz forum 		Lista Forumurilor Pe Tematici
www.Hacking-Romania.com | Reguli | Inregistrare | Login

POZE WWW.HACKING-ROMANIA.COM

Nu sunteti logat. 		Nou pe simpatie:
Pisii 24 ani
Femeie
24 ani
Ialomita
cauta Barbat
24 - 44 ani
www.Hacking-Romania.com / Hacking-ul nostru cel de toate zilele / Counter-Strike Crosszone vulnerability  
Autor
Mesaj Pagini: 1
harry2115
Moderator

Inregistrat: acum 16 ani
Postari: 385
Chapter 1

CrossZone using Counter Strike MOTD

Like most of you already knows, Counter Strike 1.6 MOTD can be a html page. You can see an iframe to a website, you can click on some links, you can see a image, all of this directly in your Counter-Strike client. But what is the real problem? The problems are:

- if you use an iframe to a local file you have the chance to execute the file
- if you use an iframe to a local text file you can read content of that file in the MOTD window

I tried to execute a shellcode but javascript is not allowed in this case and all the shellcodes I know are based on javascript. If anyone can make a better proof of concept I’ll be glad to see the results.

Unfortunately I didn’t succed to execute .exe files without user intervention.

Watch the video tutorial for a better understanding.

Chapter 2

XSS in webmod

Is strange that we can find this vulnerability in a game like Counter Strike web application. Where are located the XSS vulnerabilities?

1. Url:(document.cookie)</script>
2. Ingame name: just use a name like “><script>alert(/XSS/)</script>”. When someone is viewing the webmod page an alert with /XSS/ message will pop-up. Lame coding? Yes! This can be very annoing and dangerous if someone can find a way to use his name for cookie stealing. The best part is just coming in the next chapter.


Chapter 3

Cookie problem

Well this is actually very simple. The cookie contains rcon password in plain-text.


Chapter 4

Worst case scenario

Let's say that someone finds a way to download&execute files using the MOTD bug, let's say that someone will use his name as a cookie stealer and let's say that he will succed to steal the cookie from the server admin and find rcon password. This acces can help him to log in the webmod page and change the server MOTD content with his evil code. This can be very simple and a good way to inject malicious software on the players computers.

For a better understanding of what I'm saying just watch the video tutorial.


Nemessis | RstZone 2007

Video download link:

Password: rstzone


_______________________________________
[img]http://img191.imageshack.us/img191/3862/45256061.jpg[/img]
[img]http://img.userbarz.com/35/6865.jpg[/img]
[color=red]Putina rabdare,putina culoare....
Si ziua-i frumoasa ca ziua cu soare!!!![/color]
pus acum 16 ani
   
andreynba
MEMBRU SPECIAL

Din: Alba Iulia
Inregistrat: acum 16 ani
Postari: 448
1.please pe romana ca nu am chef de engelza
2.exista topic special pt cs
pus acum 16 ani
   
harry2115
Moderator

Inregistrat: acum 16 ani
Postari: 385
jtiu man...........dar nu cred ca se refera in totalitate la joc............ci mai degraba la hackui-rea lui..........          

_______________________________________
[img]http://img191.imageshack.us/img191/3862/45256061.jpg[/img]
[img]http://img.userbarz.com/35/6865.jpg[/img]
[color=red]Putina rabdare,putina culoare....
Si ziua-i frumoasa ca ziua cu soare!!!![/color]
pus acum 16 ani
   
andreynba
MEMBRU SPECIAL

Din: Alba Iulia
Inregistrat: acum 16 ani
Postari: 448
ok da prima o poti face please???)
pus acum 16 ani
   
Pagini: 1  

Mergi la