Ulysses

Ulysses Stuff => General Chat & Help and Support => Topic started by: Buggzie on March 11, 2011, 04:31:03 AM

Title: Some serious ulib and ulx exploits
Post by: Buggzie on March 11, 2011, 04:31:03 AM

I've had this player come on my server using some name hack which kept looping through different names and when I joined, I kept getting disconnected from the server and someone running commands on me. His using a cexec hack which lets him do whatever he wants to me with him getting away. I've got logs of him trying to add himself to superadmin but failing luckily. I've got his IP, ID, Steam community page as well as logs.

I'll paste all of these below here:

logs: http://pastebin.com/rfiZhvvm

His info:
Name: Thistle Vlandri
IP: 122.49.181.115
ID: STEAM_0:1:37768656
Steamprofile: http://steamcommunity.com/id/thistlevlandri

Please find and fix this stupid problem, he seems to have run commands on me, disconnecting me using +left on me, trying to get him to add him to admin here:

Code: [Select]

[22:57:41] Synergy Connections: !adduser NoLimit ~ superadmin
Just as he had used !adduser, my client timed out straight away leaving me not to see this.

Title: Re: Some serious ulib and ulx exploits
Post by: Megiddo on March 11, 2011, 07:27:50 AM

This is not a problem with ULX or ULib. Instead, it's an underlying problem with the Source engine. See http://forums.ulyssesmod.net/index.php/topic,5205.0.html

We're still working on obtaining more information on how the hack works, but it's not looking like it's something that can be blocked or prevented from Lua, after all.

Title: Re: Some serious ulib and ulx exploits
Post by: JamminR on March 11, 2011, 01:51:25 PM

Locking Topic - Refer to Megiddo's link for further discussion if you have further information.
All, Please don't just post 'me too!' there.