Forum

Results 1 to 11 of 11
  1. #1
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68

    Bug in package_inst.exe

    Bug in package_inst.exe: Loading files from HTML tag img. Files placed in folder, from opening *.ts3_xxx file.

    package.ini
    Code:
    Description = "<img src=\"facepalm.gif\"></img>"
    Files listing in one folder:
    file.ts3_addon
    facepalm.gif

    Screenshot included
    Attached Images Attached Images  

  2. #2
    Join Date
    June 2008
    Posts
    17,851
    Not sure if "showing image" is a bug here. I do not see this as a bug.
    But we need to check if the header check also is included here.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  3. #3
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68
    Quote Originally Posted by dante696 View Post
    Not sure if "showing image" is a bug here. I do not see this as a bug.
    But we need to check if the header check also is included here.
    In itself, reading the file in the same directory - bug.
    In theory, we find a bug in qjpeg.dll or qgif.dll, force the user to download a infected file and .ts3_xxx file. The user starts the .ts3_xxx an administrator (start by default)... enter good worms.
    Also, read any files prescribed in this tag.
    Last edited by VJean; February 23rd, 2016 at 09:57 AM.

  4. #4
    Join Date
    June 2008
    Posts
    17,851
    Quote Originally Posted by VJean View Post
    In itself, reading the file in the same directory - bug.
    Hmm no. Currently a DEV answer is needed here, they only know if this is a wanted behavior or not.

    Quote Originally Posted by VJean View Post
    In theory, we find a bug in qjpeg.dll or qgif.dll, force the user to download a infected file and .ts3_xxx file. The user starts the .ts3_xxx an administrator... enter good worms.
    In theory, yes, but this also effects the whole client then.

    Quote Originally Posted by VJean View Post
    Also, read any files prescribed in this tag.
    I don't think "Any" file can be read (executed) here.


    A dev needs to check all of this first.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  5. #5
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68
    Code:
    Description = "<img src=\"c:\windows\system32\calc.exe"></img>"
    Click image for larger version. 

Name:	Procmon64_2016-02-23_13-08-52.png 
Views:	101 
Size:	40.3 KB 
ID:	13594

    Code:
    Description = "<img src=\"c:\\windows\\system32\\calc.exe\"></img>"
    Click image for larger version. 

Name:	Procmon64_2016-02-23_13-10-35.png 
Views:	92 
Size:	42.2 KB 
ID:	13595

  6. #6
    Join Date
    June 2008
    Posts
    17,851
    So, it reads but does it execute?
    It did not in my tests before i did answer. And it still doesn't.

    But still a good point. The dev will get that info too.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  7. #7
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68
    Quote Originally Posted by dante696 View Post
    So, it reads but does it execute?
    It did not in my tests before i did answer. And it still doesn't.

    But still a good point. The dev will get that info too.
    No, only read.


    even in a coin box, the code will not publish:
    1. hang package_inst.eхe
    2. Disclosure ip, OS version, machine and user name

    and error on unpack *.ts3_xxx: if archive not unpacked, program don't delete folder %TEMP%\ts3import\* on exit
    Last edited by dante696; February 25th, 2016 at 07:13 AM. Reason: merged

  8. #8
    Join Date
    June 2008
    Posts
    17,851
    The package installer in client 3.0.19 beta 2 and newer will only show plain text and does not support html any longer.

    The temp folder behavior will not be changed in client 3.0.19. This was moved to eval section.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  9. #9
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68
    Quote Originally Posted by dante696 View Post
    will only show plain text and does not support html any longer.
    please, add support bb-codes

  10. #10
    Join Date
    September 2012
    Posts
    6,077
    It's just a simple short description. I don't think we need anything fancy there and plain text will be just fine, no need for formatting or anything like that.
    When sending PMs please make sure to include a reference link to the thread in question in the body of your message.

  11. #11
    Join Date
    March 2015
    Location
    RUssia
    Posts
    68
    Quote Originally Posted by Chris View Post
    It's just a simple short description. I don't think we need anything fancy there and plain text will be just fine, no need for formatting or anything like that.
    But that is no reason to cut back so much functionality.

    The interface and the functionality of the program and so miserable.
    No previews for icons and skins;
    no way to install fonts, if required by the skin;
    It does not support password protection standard ZIP archive;
    there is no way to remove the plug-in installed through the program - only handles;
    and others...

    My opinion: The interface of the program should be like the SFX-archives (aka WinRAR), for example:
    Attached Images Attached Images  

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Resolved] package_inst.exe Error
    By sevarian in forum Windows
    Replies: 1
    Last Post: August 12th, 2012, 08:58 PM
  2. [Problem] One Click Install (package_inst.exe On Vista does not work
    By sgtrwe in forum Suggestions and Feedback
    Replies: 10
    Last Post: June 14th, 2011, 02:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •