Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:18

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
 Post subject: JK2: Q3DirTrav problem..
Posted: 24 Oct 2007 00:50

Joined: 24 Oct 2007 00:44
Posts: 26
Hi,

I have a problem with the q3dirtrav PoC.
The prob: Can't download files with a space " " in the path.

And also, is it possible to upload anything to the server? or inject to it client-side?


 Post subject:
Posted: 24 Oct 2007 05:37

Joined: 17 Oct 2007 08:10
Posts: 31
Location: South Carolina
I'm not sure about downloading files with spaces. I haven't had any success with q3dirtrav yet. You might try replacing each space with %20.

For example:

/download file%20name.txt

I think that most q3 stuff has underscores in the file names instead of spaces.


For your other question check out this:

http://www.youtube.com/watch?v=z1KfnYB8RIo

http://aluigi.altervista.org/adv/q3cbof-adv.txt



lol... now I'll let Luigi come and explain it all :P


 Post subject:
Posted: 24 Oct 2007 09:46

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
You can try a simple thing in your game's console:

/download "base/file with spaces.txt"


 Post subject: Re: JK2: Q3DirTrav problem..
Posted: 26 Oct 2007 01:37

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
[quote="Some Guy Named Dave"]Hi,

I have a problem with the q3dirtrav PoC.
The prob: Can't download files with a space " " in the path.

And also, is it possible to upload anything to the server? or inject to it client-side?[/quote]

Dave, only like 2 servers on 1.02 have downloads on, open bar and some other place I forget, if you're still on 1.02


 Post subject:
Posted: 29 Oct 2007 20:28

Joined: 29 Oct 2007 10:20
Posts: 8
On most servers the server.cfg file has a different name, which has been changed by administrators.
Is it possible to download all files named *.CFG or find out the name of the server?


 Post subject:
Posted: 29 Oct 2007 22:31

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
No, it's not possible if you don't know the names.


 Post subject:
Posted: 01 Nov 2007 20:27

Joined: 29 Oct 2007 10:20
Posts: 8
:-( OK, that's clear!
So... any question, mate ^^:
Maybe another tool shows the game directory files...?
Maybe the next version of the tool... tell me please.
Only 5 servers use the name server.cfg...
Probably language is the problem... FR (France) uses serveur, not server ^^
Maybe a specific file of the game knows what the name of the server file is...?
LOG file and another of the game.
REG EDIT?


 Post subject:
Posted: 01 Nov 2007 21:49

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
The bug is a blind directory traversal vulnerability, so you can download the files only if you know their exact location and name.
You cannot "navigate" through the folders, that's why there is nothing else to do.

Anyway, if I'm not mistaken, Windows has an indexing service enabled by default for faster searches, but I don't know if it saves the index files somewhere... I have never used it.


 Post subject:
Posted: 02 Nov 2007 09:04

Joined: 16 Oct 2007 18:47
Posts: 23
If you are lucky the file is in ~home/.bash_history or ~/home/recently-used ^^ but hacking is bad so better don't use it :P
Or if you are really lame you can download the pws and log in @ the server via SSH, even if I don't suggest this to you -.- o.O


 Post subject:
Posted: 02 Nov 2007 11:10

Joined: 29 Oct 2007 10:20
Posts: 8
I think q3dirtrav worked only for the game directory... because
/download ..\..\..\..\windows\win.ini and /download ../../../../../etc/passwd
do not work for me, I don't know why...

Why doesn't this string work either... maybe it's wrong?
q3dirtrav /%WINDIR%/COD.INI


 Post subject:
Posted: 02 Nov 2007 14:26

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
It's possible that the server has been patched, or that it runs on a disk on which the operating system is not located, or many other reasons (using slash or backslash is the same, since CoD sets any backslash to slash automatically).
In my video about this q3dirtrav bug, for example, I downloaded a file which was located in the Battlefield's folder ih ih ih

As for %WINDIR%, in fact fopen("%WINDIR%\\win.ini", "rb") doesn't work
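
The server-side check that closes this class of bug, as an added example that is not part of the original thread or of any engine's code: it converts backslashes to slashes first (the post above says CoD treats them alike) and then rejects absolute paths and `..` components. The name `download_path_is_safe` and the sample requests are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example, not engine code): accept a
 * client-requested download path only if it stays inside the game
 * directory. Writes the normalised path to out; returns 1 if safe. */
int download_path_is_safe(const char *req, char *out, size_t outlen)
{
    size_t len = strlen(req);
    if (len == 0 || len >= outlen)
        return 0;

    /* Normalise first, so the check sees the same string the file
     * layer will (backslash and slash are treated alike). */
    for (size_t i = 0; i <= len; i++)
        out[i] = (req[i] == '\\') ? '/' : req[i];

    /* Reject absolute paths and drive specifiers such as "C:". */
    if (out[0] == '/' || strchr(out, ':') != NULL)
        return 0;

    /* Reject empty and ".." components anywhere in the path. */
    for (const char *p = out; *p; ) {
        size_t n = strcspn(p, "/");
        if (n == 0 || (n == 2 && p[0] == '.' && p[1] == '.'))
            return 0;
        p += n;
        if (*p == '/')
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = {
        "base/file with spaces.txt", "..\\..\\windows\\win.ini",
        "../../../etc/passwd", "/etc/passwd", "C:/windows/win.ini",
        "base/../../server.cfg",
    };
    char norm[256];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-28s %s\n", samples[i],
               download_path_is_safe(samples[i], norm, sizeof norm)
                   ? "allow" : "deny");
    return 0;
}
```

Only the first sample is allowed; a request that passes this check is still opened relative to the game directory, so a literal name such as `%WINDIR%` is treated as an ordinary directory name, as the post above notes for fopen.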

