<< Back to General Forum   Search

Posts 1 - 6 of 6   
WarLight Security Flaw Exposed: 8/4/2014 17:11:59

An abandoned account
Level 56
Report
Recently, I tried to upload a map to WarLight with an .exe file extension. I thought, there's no way this will work, but it turns out it does. The .exe file extension I added to the .svg file for the map I uploaded doesn't do anything, but someone who knew what they were doing could easily make a virus and upload it as an .exe file extension to 1 of their maps. Why do you allow file extensions Fizzer? why not automatically refuse to upload any map with a file extension, you should only allow pure .svg files?

And for anyone who's interested, here's the map, I haven't made it public and I'm not going to
http://warlight.net/SinglePlayer?PreviewMap=35125
WarLight Security Flaw Exposed: 8/4/2014 17:34:18


WI6
Level 38
Report
Instead of posting this publicly, E-mailing Fizzer probably would have been a better idea.
WarLight Security Flaw Exposed: 8/4/2014 17:38:37


[WM] แต€แดดแดฑ๐“•๐“ป๐“ฒ๐“ญ๐“ฐ๐“ฎ 
Level 59
Report
exe is most likely not harful at all, as i doubt the servers interpret windows files, but there's a lot of scripts that would run i guess.. interesting find
WarLight Security Flaw Exposed: 8/4/2014 17:43:45

An abandoned account
Level 56
Report
Instead of posting this publicly, E-mailing Fizzer probably would have been a better idea.

To warn people so they don't just play any old map and get a virus.

Edited 8/4/2014 17:43:59
WarLight Security Flaw Exposed: 8/4/2014 18:08:57


WI6
Level 38
Report
Thats true, but it might give the wrong people ideas
WarLight Security Flaw Exposed: 8/4/2014 18:21:24

Fizzer 
Level 58

Warzone Creator
Report
It's not a security issue at all. The files you upload to the map designer aren't going to be executed, they're just opened and read in as map data. The extension is irrelevant -- the name of the file or its extension are never even transmitted to the server.
Posts 1 - 6 of 6