Results 1 to 3 of 3
  1. 02-13-2018 #1
    pr0ctor
    pr0ctor is offline
    New Member
    pr0ctor's Avatar
    Join Date
    Feb 2018
    Gender
    female
    Posts
    1
    Reputation
    10
    Thanks
    0
    Send a message via Birdie™ to pr0ctor Japan

    Exclamation Servers & Clients fulnerable to remote code execution ?

    *vulnerable..

    Hi,

    this is more a technical question about the possibility itself and whether there is currently a high risk in starting CF.
    (Apart from the theoretical attack surface.)
    I am not interested in hacking the servers, more in protecting people from a possible security breach.

    According to some people you can DDOS other players ingame, without any other contact than being in the same lobby.
    Meaning you get their IP through the game itself.
    This would mean the servers are vulnerable to leaking IPs, spinning this ahead we could reach command sending to other clients and in the end remote code execution (by using the buffer overflow of your choice in the command parser of CF). While the CF process is running as Administrator...

    A friend of mine had his epic games ID & Password written in the (crossfire) lobby chat without any interaction.
    Is this a thing or just a rumor with a bad timing of a friend having probably done something wrong ?
    Last edited by pr0ctor; 02-13-2018 at 07:33 AM. Reason: vulnerable
    Reply With Quote Reply With Quote
  2. 02-13-2018 #2
    critikal17
    critikal17 is offline
    Dual-Keyboard Member
    MPGH Member
    critikal17's Avatar
    Join Date
    Jul 2017
    Gender
    male
    Location
    Your bitch's house
    Posts
    251
    Reputation
    10
    Thanks
    55
    My Mood
    Daring
    Send a message via Birdie™ to critikal17 United States
    Sounds like your friend has done something wrong. A security bug that big would've been found ages ago.

    Selling Bitcoin!
    15% Rate
    $1.15 Paypal for Every $1 BTC
    Click to add me on IM!
    Reply With Quote Reply With Quote
  3. 02-14-2018 #3
    quanschink
    quanschink is offline
    Dual-Keyboard Member
    MPGH Member
    quanschink's Avatar
    Join Date
    Jul 2011
    Gender
    male
    Posts
    368
    Reputation
    10
    Thanks
    36
    My Mood
    Sneaky
    Send a message via Birdie™ to quanschink Azerbaijan
    this risk is too big to get unnoticed by z8games, your friend must be joking.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. [Help Request] Connect to server without client only with java code (network programming).
    By Nosy in forum Minecraft Help
    Replies: 0
    Last Post: 10-05-2013, 11:58 AM
  2. Mozilla Firefox view-source:javascript url Code Execution Exploit:
    By RoB07 in forum Exploits
    Replies: 12
    Last Post: 05-29-2010, 05:50 AM
  3. Apache 1.3.x mod_mylo Remote Code Execution Exploit
    By Token in forum Exploits
    Replies: 0
    Last Post: 10-13-2008, 09:24 PM
  4. Pokemon Cyrus (Open Source Server and Client) But Need Encryption Lock Help
    By valadon in forum General Hacking
    Replies: 0
    Last Post: 09-01-2008, 08:28 PM
  5. MDaemon IMAP server 9.6.4 (FETCH) Remote Buffer Overflow Exploit
    By mostwanted in forum Exploits
    Replies: 0
    Last Post: 03-25-2008, 12:31 PM