Example on how you can exploit it, by pasting this in dev tools console:
let data = {
event: 'test:client:event', -- any event here
args: {} -- any arguments in here
};
fetch(`https://dialog/click`, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(data),
});
};
execute();
This nuicallback is exploitable to trigger any event. Should not trust the nui with the event to trigger.
https://github.com/ST4LTH-Development/dialog/blob/de251dd019dcd38f3f367c51cbfb9327535ac8a5/client/main.lua#L59-L80
Example on how you can exploit it, by pasting this in dev tools console: