Riz-ve / Xeno

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution.
https://rizve.us.to/Xeno/
Apache License 2.0

LinkingService Block to fix Vulnerability #10

Closed liablelua closed 1 month ago

liablelua commented 2 months ago

so uh funny vulnerability fix.

```lua
local LinkingService = game:GetService("LinkingService")
local ScriptContext = game:GetService("ScriptContext")

LinkingService:OpenUrl(ScriptContext:SaveScriptProfilingData([[start C:\WINDOWS\System32\notepad.exe]], "notepad.bat"))
```

this blocks LinkingService

liablelua commented 2 months ago

@Riz-ve this is major.

Riz-ve commented 2 months ago

The blacklisted module names are only there to block some core modules from the execute and loadstring functions, as sometimes it will give you errors like "requested module failed to load", so the code changes you provided do not make sense.

I have not planned to fix any vulnerabilities.

playvoras commented 2 months ago

You should block game.AvatarEditorService too.