E-Mail Address or another way to report a major security issue
#1

Hello guys,
I've found a way to manipulate files on almost every server using user files (or the server log of 99,9% of all servers). It affects the security of a lot of servers and since most servers store admin levels in these files it could result in a server takeover. Because of the great impact of this exploit I don't want to post any information about it in public. Please leave me a message with a way to contact a responsible person.

Just one more thing:
There is also an issue that allows a player to crash the server and wasn't found by myself, but I think you know about it already because a few servers have a fix installed.

Best regards,
Seoson
#2

team@sa-mp.com

If it's the newline carriage bug, almost all scripters already know about it, also the SA-MP team do not script for people, it's the laziness of scripters if they don't fix these bugs, especially as it's not particularly a bug in SA-MP.
#3

There is nothing you can really do as SAMP can't control that, therefore it's the reason why people should have a fully protected server to prevent this from happening. SAMP can't do 1 thing about the exploit, bud.


But you can attempt and see if team@sa-mp.com can do something.
#4

Quote:
Originally Posted by Calgon
team@sa-mp.com

If it's the newline carriage bug, almost all scripters already know about it, also the SA-MP team do not script for people, it's the laziness of scripters if they don't fix these bugs, especially as it's not particularly a bug in SA-MP.
Exactly. But I think that those characters should be escaped just like the "%" character. Also the exploit is not limited to this character. On a Windows machine you could even use the BEEP. Good to know that it is already known to a limited amount of people.

I had a discussion with a good friend about PHP and the Null Character. Right after that I tried to use control characters in SAMP because I was thinking that this could be a good idea and I've never seen a filter for that in file or INI systems.


Too bad that most scripters don't update their filterscripts recently.
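Added example, not part of any post in this thread and not SA-MP or filterscript code: the control-character filter that post #4 says file and INI systems lack, sketched in Python rather than Pawn. The function names and the sample record are constructed for illustration.

```python
import re

# C0 control characters (NUL, BEL, CR, LF, ...) plus DEL.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def write_unchecked(fields):
    """'Before' form: player-supplied text goes into the file as-is."""
    return "".join(f"{key}={value}\n" for key, value in fields.items())


def write_checked(fields):
    """Hardened form: refuse input that could alter the file's line structure."""
    lines = []
    for key, value in fields.items():
        value = str(value)
        if not key or "=" in key or CONTROL_CHARS.search(key):
            raise ValueError(f"unsafe key: {key!r}")
        if CONTROL_CHARS.search(value):
            raise ValueError(f"unsafe value for {key!r}: {value!r}")
        lines.append(f"{key}={value}\n")
    return "".join(lines)


def parse(text):
    """Minimal key=value reader that treats CR or LF as a line break."""
    record = {}
    for line in re.split(r"[\r\n]+", text):
        if "=" in line:
            key, value = line.split("=", 1)
            record[key] = value
    return record


# Constructed sample input: one field carries an embedded line break.
SAMPLE = {"name": "Player_One", "motto": "hello\r\ninjected_key=1"}


def demo():
    """Return the keys the unchecked path stores and whether the checked path refuses."""
    stored = parse(write_unchecked(SAMPLE))
    try:
        write_checked(SAMPLE)
        rejected = False
    except ValueError:
        rejected = True
    return sorted(stored), rejected
```

The same check belongs wherever a script writes player-supplied text to a user file or a log line.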
#5

Quote:
Originally Posted by Seoson
Hello guys,

Just one more thing:
There is also an issue that allows a player to crash the server and wasn't found by myself, but I think you know about it already because a few servers have a fix installed.

Best regards,
Seoson
I don't use files to store data, but this second issue interests me if it's a new issue - can you message me the details? (you can also describe it technically in detail if you want) thanks.