This bug in the game “Counter-Strike 2” revealed players’ IP addresses

A bug in the game “Counter-Strike 2” allowed players’ IP addresses to be restored. Valve fixed it to prevent hacking from some players.

Counter Strike 2 It’s just getting started, however it’s experiencing some bugs, which can be serious. This is the case of an HTML injection bug that allowed hackers to access players’ IP addresses. A defect that has been corrected by game publisher Valve.

A flaw that started with a few nicks in Counter Strike 2…

The game uses a user interface called Panorama UI, created by Valve. It uses CSS, HTML, and JavaScript for layout. Developers can create input fields that can accept HTML code. Recently, more players started reporting that other players were using an HTML injection vulnerability to put images into the voting board used to exclude malicious players.

Posting memes and funny pictures is enough to make your teammates and opponents laugh. However, the glitch can be used for less fun reasons. Valve only released a 7MB patch on December 11, converting any HTML code introduced to prevent players from viewing images in the game. Thus, it is no longer the image that is displayed, but its code, in text form.

…but it allowed access to players’ IP addresses

In fact, this defect could have been much more serious. This was initially thought to be a cross-site scripting (XSS) flaw that allows JavaScript programs to be executed on players’ devices, greatly expanding the possibilities. In the end it turned out to be an HTML injection that allows images to be displayed.

By using the tag to view the images, the hackers were able to “ Open a remote IP logging program that recorded the IP address of each player who watched the vote “, Tells Sleeping computer. What we can do with an IP address is launch a DDoS attack, via a denial of service, which consists of overloading the computer with requests in order to crash it. It’s enough to disconnect players from the game Counter Strike 2.