« previous next »
Pages: 1 ... 14 15 16 17 18 [19] 20 21 22

Author Topic: Jeetlor's Master Server spam  (Read 40518 times)

AutoBahn

July 01, 2015, 07:53:28 PM
After reviewing both Chrisbot's and Ocelotus' versions of Support_Renderman, Support_AdminEvents.cs is both in v3 and v4 of Support_Renderman, but v3 contains the non-exploitable version.
V3
Exploitable V4


Wasn't Ocelotus banned from the forum/revoked recently?

Ad Bot

Advertisement

Headcrab Zombie

July 01, 2015, 07:58:05 PM
Quote from: Badspot on July 01, 2015, 06:22:53 PM
I have placed a limit on the number of server listings a single ID can have.  The limit will be relaxed once things settle down.

I have confirmed that there is an eval injection exploit in the add-on script Support_AdminEvents.cs.  Multiple add-ons include this script for some reason.  I will be releasing an update to prevent execution of this script.
Please just CRC ban the bad one
The real version is a perfectly legitimate script

The Resonte!

July 01, 2015, 07:58:44 PM
Quote from: AutoBahn on July 01, 2015, 07:53:28 PM
Wasn't Ocelotus banned from the forum/revoked recently?
yes and i believe he went on a spree of spam topics
after he claimed that his mother had lung cancer

Biostorm

July 01, 2015, 08:03:24 PM
Wow, so this all happened while I was gone? Can't believe I missed this

AutoBahn

July 01, 2015, 08:04:30 PM
Zapk's Server_ServerMusic does indeed contain the tainted version of Support_AdminEvents.cs.
Mirror, since his repository site was taken offline

Jeetlor2

July 01, 2015, 08:13:32 PM
Quote from: Biostorm on July 01, 2015, 08:03:24 PM
Wow, so this all happened while I was gone? Can't believe I missed this
Yes it was pretty entertaining while it lasted. It sucked being blamed for doing this though.

Wolfeh9478

July 01, 2015, 08:33:54 PM
So is it over now or what?

Jeetlor2

July 01, 2015, 08:39:36 PM
Quote from: Wolfeh9478 on July 01, 2015, 08:33:54 PM
So is it over now or what?
Its been over for hours now.

Meta_KnightX

July 01, 2015, 08:43:55 PM
Quote from: Badspot on July 01, 2015, 06:22:53 PM
I have placed a limit on the number of server listings a single ID can have.  The limit will be relaxed once things settle down.

I have confirmed that there is an eval injection exploit in the add-on script Support_AdminEvents.cs.  Multiple add-ons include this script for some reason.  I will be releasing an update to prevent execution of this script.
Oh thank Badspot!

I also got the update ;3

Akio

July 01, 2015, 08:45:33 PM
Quote from: The Resonte! on July 01, 2015, 07:58:44 PM
yes and i believe he went on a spree of spam topics
after he claimed that his mother had lung cancer
Who would even download something made by Ocelotus? He has zero coding ability.

AutoBahn

July 01, 2015, 08:53:09 PM
Asked zapk where he might have gotten it:


GMO Ferret

July 01, 2015, 10:10:53 PM
It turns out Visolator, Zapk, and Summet were the main ones involved in this problem.

Visolator sent me his goodbye message to me over steam, and since his keys got revoked, he wasn't able to post it. Here it is:

GMO Ferret

July 01, 2015, 10:13:46 PM

AutoBahn

July 01, 2015, 10:15:04 PM
holy stuff, well that solves that

Akio

July 01, 2015, 10:15:30 PM
One good thing came out of this, and it's that Summet is gone forever (hopefully)
Pages: 1 ... 14 15 16 17 18 [19] 20 21 22
« previous next »