I reported this exploit to a Valve employee about 2 months ago and it hasn't been fixed yet.
This exploit allows you to permanently ban people from a server until reboot simply by visiting a webpage. The server interprets these requests as an rcon request and permanently bans them.
To fix this, ignore packets that don't follow the rcon protocol.
Can you post some more details please, for example the whole HTML page in question and how exactly you cause the issue. I assume you are saying that the user loads this in their browser of choice?
You also need to include http:// before the ip:port. Such as: <iframe src="http://ip:port"></iframe>
I tested this, as well, by creating an html file with the line above repeated 6 times with my server ip:port, which successfully IP banned me. It usually takes 6 times because the default for sv_rcon_minfailures is set to 5.
You can also simply open up your web browser and put in http://ip:port, then hit refresh 5 times and get IP banned.
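The fix proposed in the report (ignore data that does not follow the rcon protocol), sketched as an added example; it is not code from this thread or from Valve. It assumes the documented Source RCON framing (little-endian int32 size, id and type, a NUL-terminated body and one trailing NUL, size between 10 and 4096), and the names `rcon_classify` and `rcon_counts_as_failure` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Source RCON framing: int32 size, int32 id, int32 type (all little-endian),
 * NUL-terminated body, one more NUL. "size" excludes the size field itself. */
#define RCON_MIN_SIZE 10      /* id + type + two NUL bytes */
#define RCON_MAX_SIZE 4096
#define SERVERDATA_AUTH 3

enum rcon_verdict { RCON_NEED_MORE, RCON_NOT_RCON, RCON_AUTH_ATTEMPT, RCON_OTHER };

static int32_t rd_le32(const unsigned char *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Hypothetical helper: classify the bytes received so far on an
 * unauthenticated connection to the rcon TCP port. */
enum rcon_verdict rcon_classify(const unsigned char *buf, size_t len)
{
    if (len < 4)
        return RCON_NEED_MORE;
    int32_t size = rd_le32(buf);
    /* "GET " read as a little-endian int32 is 0x20544547, far above the cap. */
    if (size < RCON_MIN_SIZE || size > RCON_MAX_SIZE)
        return RCON_NOT_RCON;
    if (len < (size_t)size + 4)
        return RCON_NEED_MORE;
    const unsigned char *end = buf + 4 + size;
    if (end[-1] != 0 || end[-2] != 0)
        return RCON_NOT_RCON;           /* missing the two terminators */
    /* The body must be one C string: no NUL before the terminators. */
    if (memchr(buf + 12, 0, (size_t)size - 10) != NULL)
        return RCON_NOT_RCON;
    return rd_le32(buf + 8) == SERVERDATA_AUTH ? RCON_AUTH_ATTEMPT : RCON_OTHER;
}

/* Only a well-formed auth packet with a wrong password is a failed attempt;
 * anything else is dropped without touching the failure counter. */
int rcon_counts_as_failure(const unsigned char *buf, size_t len, int password_ok)
{
    return rcon_classify(buf, len) == RCON_AUTH_ATTEMPT && !password_ok;
}
```

With this check, a browser's HTTP request to the rcon port is classified as `RCON_NOT_RCON` and never increments the count compared against `sv_rcon_minfailures`.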