"save pak0.pak" vulnerability
-
- Posts: 2126
- Joined: Sat Nov 25, 2006 1:49 pm
Re: "save pak0.pak" vulnerability
Related to this, all file related builtins from FRIK_FILE extension can do the same damage, even worst. They ought to be at least confined to the files inside the current gamedir.
I know FrikaC made a cgi-bin version of the quakec interpreter once and wrote part of his website in QuakeC (LordHavoc)
Re: "save pak0.pak" vulnerability
The question is, are there any Quake players with significant amounts of Cryptocoins on their machines.
Improve Quaddicted, send me a pull request: https://github.com/SpiritQuaddicted/Quaddicted-reviews
Re: "save pak0.pak" vulnerability
frik_file writes in dp+fte are confined to a gamedir/data/ subdir (but not reads). this prevents them from overwriting pak0.pak etc.