1702477235 This bug in Counter Strike 2 revealed players39 IP addresses

This bug in Counter-Strike 2 revealed players' IP addresses – Frandroid

Technology News / By /

A bug in “Counter-Strike 2” allowed player IP addresses to be retrieved. Valve fixed it to prevent hacks by certain players.

This bug in Counter Strike 2 revealed players39 IP addressesSource: Valve

Counter-Strike 2 is still in its early stages and still has certain bugs that can be dangerous. Such is the case with this HTML injection flaw that allowed hackers to access players' IP addresses. A bug that has been fixed by the game's publisher, Valve.

A bug that started with a few jokes in Counter-Strike 2…

The game uses a user interface created by Valve called Panorama UI. CSS, HTML and JavaScript are used for the layout. Developers can create input fields that can accept HTML code. Recently, more and more players reported that other players were using an HTML injection flaw to place images in the voting panel to exclude malicious players.

1702477224 896 This bug in Counter Strike 2 revealed players39 IP addressesSource : Valley over

Enough to place memes and funny pictures to make your teammates and opponents laugh. However, the error could be used for less amusing purposes. Valve released a patch of just 7MB on December 11th that converted any embedded HTML code to prevent players from viewing images in a game. This means that the image is no longer displayed, but rather its code in text form.

…but what allowed access to the players' IP addresses

In reality, this mistake could have been much more serious. Initially, it was assumed that this was a cross-site scripting (XSS) flaw that allows JavaScript programs to be executed on players' computers, significantly expanding the possibilities. Ultimately it turned out that it was an HTML injection that allows images to be displayed.

This bug in Counter Strike 2 revealed players39 IP addressesSource : Aquarius over X

By using the tag to display images, hackers were able to “open a remote IP recording script that recorded the IP address of every player who saw the vote,” says Bleeping Computer. What we can do with an IP address is to launch a DDoS attack through denial of service, which consists of overloading requests to a computer in order to cause it to malfunction. Enough to make gamers walk away from a game of Counter-Strike 2.

Would you like to join a community of enthusiasts? Our Discord welcomes you, it is a place of mutual help and passion about technology.