Korioz
commented
3 years ago Hi 👋,
KorioZ-PersonalMenu:Admin_BringS & KorioZ-PersonalMenu:Admin_giveCash were two old abused events, they already had been fixed like a year ago, it seems a lot of servers had never updated the resource since the update.
I've pushed a fix for KorioZ-PersonalMenu:Boss_recruterplayer & KorioZ-PersonalMenu:Boss_recruterplayer2, it was a small security issue so it's weird that some abusers could think of using that, i think as again the servers abused didn't updated the resource since the last security fixes dated from a year.
KorioZ-PersonalMenu:Weapon_addAmmoToPedS doesn't check if you have a proper amount of ammo before giving them to the target, there is no way currently to know the player ammo amount of a weapon from server-side, i could potentially write something with esx in the future.
Also, fixed the abusers sending -1 as target to the networked events.
Thank's for the report !
Blumlaut
Hi! I'm Blumlaut, developer of anticheese-anticheat, it's come to my attention that people are using triggers in your resource to Grief on Servers, as certain events do not employ permission checks, these are the events (that i know off) being used:
(marked with ? are triggers where i'm unsure of their effectiveness, but which are being shared online)
Generally, it is good practice to always check for permissions for everything that is controlled by a player via events, as otherwise these events can and will be abused.
As such i would strongly recommend releasing an update in which the permission checks are expanded to ALL events, and not just certain ones.
Greetings.