Warning: UTCOMP has an exploit that gives hackers access to your server
As some may have heard lately from Wormbo on UTZone and other forums, UTCOMP has an exploit which came from bad design which provides hackers to create Admin accounts for themselves and see all other Admin accounts, passwords and names. Even possible FTP access(Make sure you have different passwords for each).
How it works:
This exploit is possible due the voting system of UTCOMP, because UTCOMP allows any client to call the ServerTravel function from the engine and therefor can pass any options to the commandline such as AdminName=? and AdminPassword=? to give themselves admin rights.
The exploit is done by calling ServerTravel followed with the AdminPassword and AdminName option along with "Admin get CLASS VARIABLE" can give them access to WebAdmin and therefor all Admin passwords, which the hacker can use to erase his admin account.
How you can fix it:
Luckily there is a temporary fix for this, which is as easy as disabling UTCOMP VOTING on your server so that hackers cannot exploit those functions.
Notice: Even though disabling UTCOMP VOTING fixes this exploit, there are still several other little exploits within UTCOMP, if you really want to be 100% safe, then remove UTCOMP from your server, including the .u file.
You can read more about it on UnrealWiki.
Flak, if you read this, can you sticky this? Also just in case I revealed too much information, feel free to remove it from the post.
If someone makes a code fix for this, then please make sure you let everyone know through here!
Last edited by Eliot; 03-15-2014 at 07:26 AM.
I would really need a code fix for this one :/.
Utcomp is a nice useful mutator.