Closed GHXX closed 5 years ago
Sure, shoot me a message to my mail at removed.
Short description of what was found:
The mod used `loadstring` to dynamically load Lua tables from user input to import configuration.
If the user supplied malicious code, it was executed without checks.
All versions of the mod from 2.0.0 onward use `game.json_to_table` and `game.table_to_json` for import and export. Due to this change, any configuration exported with version <2.0.0 cannot be imported and has to be imported in an old mod version.
Thanks to @GHXX for disclosing this responsibly.
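
The change described in the comment above, sketched as an added example (not the mod's own code): the `loadstring` import pattern next to a data-only import through `game.json_to_table` with an allowlist check on the decoded table. The names `import_unsafe`, `import_safe`, `SCHEMA`, the `decode` parameter, the size cap and the configuration fields are hypothetical; the code assumes it runs inside the Factorio mod runtime.

```lua
-- Added example. All function, field and limit names here are hypothetical.

-- BEFORE: the pattern the comment describes. loadstring compiles the
-- player-supplied string as Lua source, so any statement in it runs
-- with the mod's privileges as soon as the chunk is called.
local function import_unsafe(text)
  local chunk = loadstring("return " .. text)
  return chunk and chunk() or nil
end

-- AFTER: treat the string strictly as data. game.json_to_table only
-- parses JSON; per the Factorio API documentation it returns nil for
-- invalid JSON, and it never executes anything.
local MAX_IMPORT_BYTES = 65536  -- constructed limit
local SCHEMA = {                -- constructed field allowlist: name -> Lua type
  enabled = "boolean",
  radius  = "number",
  label   = "string",
}

-- `decode` is injectable so the function can be exercised outside the game.
local function import_safe(text, decode)
  decode = decode or game.json_to_table
  if type(text) ~= "string" or #text > MAX_IMPORT_BYTES then
    return nil, "input missing or too large"
  end
  local ok, parsed = pcall(decode, text)
  if not ok or type(parsed) ~= "table" then
    return nil, "not valid JSON"
  end
  -- Copy only known keys with the expected type; unknown keys are dropped.
  local config = {}
  for key, expected in pairs(SCHEMA) do
    local value = parsed[key]
    if value ~= nil then
      if type(value) ~= expected then
        return nil, "wrong type for " .. key
      end
      config[key] = value
    end
  end
  return config
end
```

Parsing JSON removes the code-execution path; the type check afterwards keeps a syntactically valid but malformed configuration from reaching the rest of the mod.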
I found an exploit which lets clients execute Lua code. During testing it caused multiple server crashes (that's very easy to do), and it also caused a desync once.
Injecting an empty while loop will most likely freeze the whole server until it's forcefully killed. I am not sure if the exploit can also affect other players.
Can I message you privately about this?