SA-MP Forums

Go Back   SA-MP Forums > SA-MP DL Edition > SA-MP 0.3.DL

Closed Thread
 
Thread Tools Display Modes
Old 04/11/2017, 09:34 PM   #11
SlowARG
Little Clucker
 
Join Date: Feb 2014
Posts: 40
Reputation: 14
Default Re: 0.3.8 Security Issue

Quote:
Originally Posted by maksicnm View Post
Fake extension
Again, try ALL extensions you want, you won't able to execute the model file.

I don't think SA-MP client has an open directive in downloaded models... So, when downloaded, the file will tries to load as model, maybe GTA crash (if the model isnt valid). But again, you can't execute files in this way.
SlowARG is offline  
Old 04/11/2017, 09:34 PM   #12
Misomir
Little Clucker
 
Join Date: Jul 2017
Posts: 21
Reputation: 0
Default Re: 0.3.8 Security Issue

It will open file and when SAMP realize thats not required file it will crash.But,the file is opened which executes program(in theory)Im gonna test this,and if dat really is a exploit,then...I dunno
Misomir is offline  
Old 04/11/2017, 09:36 PM   #13
MyU
Little Clucker
 
Join Date: Apr 2013
Posts: 32
Reputation: 18
Default Re: 0.3.8 Security Issue

Quote:
Originally Posted by maksicnm View Post
Fake extension
Reading the file != parsing & loading a PE.

You could say that they could exploit it to execute arbitrary code.
__________________
Project(s): SA-MP Textures :: All GTA:SA Textures Online!
Github
MyU is offline  
Old 04/11/2017, 09:38 PM   #14
maksicnm
Big Clucker
 
Join Date: Sep 2016
Location: Serbia
Posts: 120
Reputation: 3
Default Re: 0.3.8 Security Issue

We need KYE here :P

No one is crazy enough to test this :P
maksicnm is offline  
Old 04/11/2017, 09:40 PM   #15
Xeon™
Banned
 
Join Date: Jul 2017
Location: Earth
Posts: 461
Reputation: 96
Default Re: 0.3.8 Security Issue

if you are scared that much, buy youself an anti virus, and stop using free/cracked ones
Xeon™ is offline  
Old 04/11/2017, 09:46 PM   #16
Misomir
Little Clucker
 
Join Date: Jul 2017
Posts: 21
Reputation: 0
Default Re: 0.3.8 Security Issue

I will test it,but i will make a simple batch file which create a notepad file(or msgbox) with some text and change extension and then put into the localhost 0.3.8 server and test it.
Misomir is offline  
Old 04/11/2017, 09:46 PM   #17
maksicnm
Big Clucker
 
Join Date: Sep 2016
Location: Serbia
Posts: 120
Reputation: 3
Default Re: 0.3.8 Security Issue

Quote:
Originally Posted by Xeon™ View Post
if you are scared that much, buy youself an anti virus, and stop using free/cracked ones
AntiVirus cannot detect it, because when its downloaded its auto transfer and executed immediataly...
Its small codes

It can but its alredy started
maksicnm is offline  
Old 04/11/2017, 09:51 PM   #18
Kane
Gangsta
 
Kane's Avatar
 
Join Date: Sep 2012
Posts: 807
Reputation: 123
Default Re: 0.3.8 Security Issue

Quote:
Originally Posted by Misomir View Post
I will test it,but i will make a simple batch file which create a notepad file(or msgbox) with some text and change extension and then put into the localhost 0.3.8 server and test it.
Couldn't you test it first THEN make a post about it? All you did was throw around baseless arguments.
__________________
Los Santos Roleplay - Development team
@ls-rp.io
Kane is offline  
Old 04/11/2017, 09:52 PM   #19
Misomir
Little Clucker
 
Join Date: Jul 2017
Posts: 21
Reputation: 0
Default Re: 0.3.8 Security Issue

Yeah
And that can be anything.Even .bat file with command format c
And u can say goodbye to ur system...
And yeah,i cant test it now,so i will try this tommorow
And EVERYTHING whats here till testing is just a theory...
Misomir is offline  
Old 04/11/2017, 09:56 PM   #20
Misomir
Little Clucker
 
Join Date: Jul 2017
Posts: 21
Reputation: 0
Default Re: 0.3.8 Security Issue

Can u tell me which forum is it?(here or pm)
Misomir is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unoccupied vehicle sync, boat surfing pausing issue, parachute with vehicle issue, surfing w/ skydiving issue Kar Bug Reports 2 10/06/2013 09:24 AM
Security issue with Y_INI + Dialog reg system. caki Scripting Help 0 27/11/2012 02:31 PM
Harmfull security issue (server-sided UDP floods) ExoSanty Bug Reports 7 07/03/2012 09:04 PM
E-Mail Adress or another way to report a major security issue Seoson Server Support 4 08/01/2012 09:06 PM
security cam id akis_tze Help Archive 3 08/02/2010 01:36 PM


All times are GMT. The time now is 03:05 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.