Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:59

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
 Post subject: q3dirtrav info
PostPosted: 12 Jun 2008 02:05 

Joined: 12 Jun 2008 02:01
Posts: 3
Hello, I am hosting a server on W:ET 2.55. I was testing to see what exploits I am vulnerable to. I am vulnerable to the q3fill exploit. But thankfully, I don't seem to be vulnerable to the q3dirtrav exploit.

I started it up, and hit /download etmain/server.cfg and it went to my download redirect site.

I wanted to be sure that this was because my server was not vulnerable to the exploit, and not because I was doing something wrong.

The program is self explanatory, and I don't see how I could of gotten anything wrong. But any information would be appreciated.


Top
 Profile  
 
 
 Post subject:
PostPosted: 12 Jun 2008 02:16 

Joined: 12 Jun 2008 02:01
Posts: 3
This is the error I get.

Code:
]/download etmain/server.cfg
Client download subsystem initialized
Replace existing download target file
Failed to initialize download for 'http://www.[myRedirectAddress].com/enemy-territory/etmain/server.cfg'
RE_Shutdown( 0 )]


Thanks again for help.


Top
 Profile  
 
 Post subject:
PostPosted: 12 Jun 2008 07:55 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
as far as I know when a server uses the download www redirection (sv_wwwdownload or similar) is not possible for the client to "switch" on the quake 3 engine downloader.
So you should be enough safe


Top
 Profile  
 
 Post subject:
PostPosted: 12 Jun 2008 22:38 

Joined: 12 Jun 2008 02:01
Posts: 3
Sweet. Thanks much =).


Top
 Profile  
 
 Post subject:
PostPosted: 10 Aug 2008 01:01 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
you should make another test.
on the client set cl_wwwDownload to 0 and retry with q3dirtrav versus your server.
It's possible that with this method the bug is still exploitable.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: