Channel that crashes clients.

[invisiblemagic]

Hello earlier on I posted a post about the character

⁢⁢⁢⁢

After this I looked at a bunch of posts and saw "WTF XD" I viewed the post to see a crash screen I tested this out and it also crashes me. After looking in the replies I saw @XURY post a reply about him exploiting the string and making a crash after testing out a few things I managed to replicate the same thing (I'm assuming) that xury did and produced a crash all I did was make a channel and name it the same string

⁢⁢⁢⁢

but pasted it over and over again to make a massive string that no one could see after clicking on the channel it produced a crash. I am guessing this is a buffer overflow vulnerability (again I may be wrong). I have only tested this on 3.0.11.2 not 3.0.11.3 or 3.0.11.4 (server version) and I'm pretty sure someone could make a plugin out of this I myself can not code Teamspeak plugins but if someone else could it would be appreciated. I also found out that to not crash instantly after changing the name you have to right click press edit channel (after creating a channel) click on any other channel then edit the name instead of selecting the channel that crashes people it will be on the other channel you have selected therefore stopping you from instantly crashing. Anyways the main thing I am asking and I think would be fun to mess around with is for someone to code this as a plugin. It's like the avatar crasher but with channels! =P. Sorry for the long post =P.

EDIT: Tested on 3.0.11.4, seems to work.

 

[ehthe]

I'm on it

 

[Derp]

+ This is disclosuring some VIP Stuff

@ehthe ,I suggest you move this to the VIP section

 

[zacy5000]

After testing this seems to only crash the person who made the channel.
But maybe I didnt do enough testing.

 

[ehthe]

moved to the vip section awaiting for admins input on the situation (is it vip or is it not)

 

[ehthe]

Tried to reproduce. No luck as of now.

 

[Derp]

Tried to reproduce. No luck as of now.

Same

Could you please post a Video Tutorial on how to achieve your result?

 

[ehthe]

or even the sqlite db directly

Here's what i got

And it doesn't crash

 

[JayJax]

If its working i suggest to make it VIP, since it would be a critical exploit.

 

[invisiblemagic]

Uploading video on crash right now.

EDIT: Posted:

 

[Derp]

Tried to reproduce the crash in:

Windows XP
3.0.18 - 3.0.18.2

3.0.11.3 Windows Server

Also

@ehthe tested it on 3.0.11.4 Linux server

Unable to reproduce it

 

[invisiblemagic]

32 bit or 64 bit?

 

[Derp]

32 bit

 

[ehthe]

all 64 for me.
Having seen your video. It might have something to do with the theme handler of teamspeak.

 

[0day]

Tried, win 8.1 1.0.18.1 32 bit against mineplex no luck .

 

[invisiblemagic]

After some more testing I realised that his only works on 3.0.18.1 . Guess someone else exploited it before us and they fixed it.

 

[Asphyxia]

Copy and paste this into a new channel name, topic, description.

色は匂へど 散りぬるを
我が世誰ぞ 常ならむ
有為の奥山 今日越えて
浅き夢見じ 酔ひもせず

If your client crashes you probably have the "test plugin" enabled, we found that out earlier today.

I think the crash is related to the "test plugin" improperly handling certain characters. Notice in the YouTube video published to the right side you see a reference to the test plugin, which confirms to me this crash is directly caused by the test plugin being active.

 

[invisiblemagic]

Ah, thank you @Asphyxia .

 

[0day]

⁢⁢⁢⁢: a null color Chile throat to smell
My world who each a normal ram
Beyond promising of Okuyama today
Asaki dreamed same stingray also without

Anyone figure out why I posted this yet? lol

 

[AdMiRaL009]

hello,

can anyone tell me how to access the VIP section please .?