ValveSoftware / halflife

Half-Life 1 engine based games

Server redirection exploit (AMXX example) #1480

Closed shavitush closed 5 years ago

shavitush commented 10 years ago

Old server redirection was: client_cmd( client, "connect XX.XX.XX.XX:XXXXX" );

New exploit: client_cmd( client, ";^"Connect^" XX.XX.XX.XX:XXXXX" );

Wouldn't it be better to do it like the askconnect_accept command in Source Engine games and the server redirection box? Feels less hacky.

Freeman-AM commented 10 years ago

This dream will never be a reality. Please, guys, stop reporting these usages, unless you dislike using xRedirect.

shavitush commented 10 years ago

It's not that I dislike using xREDIRECT or w/e; I just don't want stupid servers to redirect me when I don't even want it. I mean, I play on a random dust2 server; when an admin connects and it's full, a reserved slot will be used, but some random player will be kicked to another server. That's stupid.

Shevchik commented 10 years ago

Totally agree. Redirects from servers should be forbidden.

Freeman-AM commented 10 years ago

It depends on how communities set up their xRedirect; that's not the case in my community, and people are fully happy with it. Server full is server full. It's only an in-game switch usage with /server.

APGRoboCop commented 10 years ago

This matter should really be reported to AlliedMods. But I got confirmation from there that xRedirect v2 RC2-beta is dead, even though I was kinda misled to think xRE is still open and downloadable, as I thought it was still going. But AMXX isn't AlliedMods' top priority compared to SourceMod.

Also, we shouldn't really be discussing AMXX problems in here, as you should be aware that Valve aren't truly affiliated with AlliedMods, if I am not mistaken.

Shevchik commented 10 years ago

These commands should be blocked on the client, so this is definitely a Valve issue.

shavitush commented 10 years ago

@APGRoboCop I just gave an example of malicious usage of it using the AMX Mod X platform which is available in most GoldSRC dedicated servers.

illiftwhat commented 8 years ago

This command is not blocked and is bypassed by all servers... the server browser is just full of redirection servers.

client_cmd(id, "wait;wait;wait;wait;wait;^"connect^" %s",server);

This exploit has never been fixed since 2014...
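
Added example, not part of the thread and not Valve's or AMX Mod X's code: a C sketch of why the two strings posted above (`;"Connect" ...` in the first post and `wait;...;"connect" %s` in this comment) get past a filter that only matches the literal text `connect`, next to a check that first tokenizes the string the way a Quake-style console does. The function names, the assumed naive filter and the 192.0.2.10 sample address are constructed for illustration; the thread does not say how the engine actually filtered commands.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Assumed weak filter: literal match at the start of the raw string. */
int naive_is_blocked(const char *text) {
    return strncmp(text, "connect", 7) == 0;
}
/* Case-insensitive comparison of an n-byte token with a lowercase name. */
static int token_is(const char *tok, size_t n, const char *name) {
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)tok[i]) != name[i]) return 0;
    return 1;
}

/* Split into statements on '\n' or unquoted ';', then compare the first
 * token of each statement (quotes stripped, case folded) with "connect". */
int normalized_is_blocked(const char *text) {
    const char *p = text;
    while (*p) {
        while (*p == ' ' || *p == '\t') p++;          /* leading blanks */
        int quoted = (*p == '"');
        if (quoted) p++;
        const char *tok = p;
        while (*p && *p != '\n' &&
               (quoted ? *p != '"' : !strchr(" \t;\"", *p))) p++;
        if (token_is(tok, (size_t)(p - tok), "connect")) return 1;
        if (quoted && *p == '"') p++;                 /* closing quote */
        for (int in_quote = 0; *p; p++) {             /* skip arguments */
            if (*p == '"') in_quote = !in_quote;
            else if (*p == '\n' || (*p == ';' && !in_quote)) { p++; break; }
        }
    }
    return 0;
}

int main(void) {
    /* Constructed samples; 192.0.2.10 is a documentation address. */
    const char *samples[] = {
        "connect 192.0.2.10:27015",
        ";\"Connect\" 192.0.2.10:27015",
        "wait;wait;wait;wait;wait;\"connect\" 192.0.2.10:27015",
        "say \"please connect; later\"",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("naive=%d normalized=%d  %s\n", naive_is_blocked(samples[i]),
               normalized_is_blocked(samples[i]), samples[i]);
    return 0;
}
```

The last sample shows the other side of the check: a `connect` that appears only inside a quoted chat argument is not flagged, because only the first token of each statement is compared.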

di57inct commented 8 years ago

@illiftwhat Oh, there are far worse things than that which still work. I can make a script which will infect your PC through any GoldSrc engine game on Steam. This is Valve we're talking about here. Lower your expectations.

illiftwhat commented 8 years ago

There are 25,000 players on Counter-Strike (Steam stats), and the game is still on sale in the Steam store.

And Valve made the ostrich... They just want to make money with CSGO and skins.

blatouchm commented 5 years ago

Lol, just don't play on these shit servers and keep the other good ones. Valve has now disabled the connect command and redirect is no longer working = bullshit. I have 100+ servers and Steam players can't use the /server command.

SamVanheer commented 5 years ago

So you're saying this issue has been fixed? If so this issue can be closed.

oaus commented 5 years ago

> So you're saying this issue has been fixed? If so this issue can be closed.

Yes it's fixed now.