ST4LTH-Development / dialog


Exploitable NUICallback #5

Open OK1ez opened 1 month ago

OK1ez commented 1 month ago

This NUI callback is exploitable to trigger any event. It should not trust the NUI with the event to trigger.

https://github.com/ST4LTH-Development/dialog/blob/de251dd019dcd38f3f367c51cbfb9327535ac8a5/client/main.lua#L59-L80

Example of how you can exploit it by pasting this into the dev tools console:


    function execute() {
        let data = {
            event: 'test:client:event', // any event here
            args: {} // any arguments in here
        };

        fetch(`https://dialog/click`, {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify(data),
        });
    }

    execute();

Captmorg21 commented 2 weeks ago

@OK1ez Did you fix this mate? If so would you mind sharing how?
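
One way to close the hole described in this issue, as an added example that is not part of the thread or the resource's own code: keep each button's event in client Lua and have the `click` callback accept only a button id from the page. `openDialog`, `activeButtons`, `resolveClick` and the NUI message shape are hypothetical names, and the block assumes the FiveM client runtime.

```lua
-- Added example with hypothetical names; not the resource's own code.
-- Button actions stay in client Lua. The NUI page only ever sees ids and labels.
local activeButtons = {}   -- id -> { event = string, args = table }

-- Called by the script that opens a dialog; `buttons` comes from trusted Lua code.
local function openDialog(buttons)
    activeButtons = {}
    local uiButtons = {}
    for id, button in ipairs(buttons) do
        activeButtons[id] = { event = button.event, args = button.args or {} }
        uiButtons[id] = { id = id, label = button.label }  -- no event name reaches the page
    end
    SendNUIMessage({ type = 'open', buttons = uiButtons }) -- message shape is an assumption
    SetNuiFocus(true, true)
end

-- Map a click payload to a registered action. Anything the page sends besides
-- a known numeric id is ignored, including any `event` or `args` fields.
local function resolveClick(data)
    if type(data) ~= 'table' then return nil end
    local id = data.id
    if type(id) ~= 'number' then return nil end
    return activeButtons[id]
end

RegisterNUICallback('click', function(data, cb)
    local action = resolveClick(data)
    if not action then
        cb({ ok = false })   -- unknown id or no dialog open: trigger nothing
        return
    end
    activeButtons = {}       -- one click per dialog; a replayed id does nothing
    SetNuiFocus(false, false)
    -- Assumption: handlers take the args table as a single parameter.
    TriggerEvent(action.event, action.args)
    cb({ ok = true })
end)
```

With this shape, the `fetch` call from the report can at most select a button that trusted Lua code registered for the dialog currently open.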