Sk1er
commented
6 years ago The article properly explaining the exploit is linked everywhere. I cannot really control what other people say. I will edit the readme to add some more details
Closed JRoy closed 6 years ago
Sk1er
commented
6 years ago The article properly explaining the exploit is linked everywhere. I cannot really control what other people say. I will edit the readme to add some more details
RDIL
commented
6 years ago 
includereserved
commented
6 years ago @RDIL What file did he check for? C:/Windows? How much of a brainlet does someone have to be to consider this an information leak and "illegal?"
RDIL
commented
6 years ago Run the plugin on your own server then.
includereserved
commented
6 years ago @RDIL Why?
RDIL
commented
6 years ago So you can check for files on your computer with and without the mod therefore proving the exploit is real.
includereserved
commented
6 years ago @RDIL In my hypothetical situation it'd say it doesn't exist either way because I don't use Windows... I'm not saying the bug isn't real I'm saying that it's useless. You'd have to send thousands of packets to put together a single filename and even after you find out, who cares?
RDIL
commented
6 years ago Still could be used to get PII. Oh well.
includereserved
commented
6 years ago @RDIL Yeah because someone has a file lying around that they renamed to their address
RDIL
commented
6 years ago Tbh you really never know
Summary
In Tenebrous's video, he really didn't seem to understand what the hell this exploit is (along with many other technical videos he does mind you...). Therefore, I am asking you to please clarify, in your README and the release, this exploit cannot send the server the contents of a file and only sends if the file exists and the SHA1 hashes for those files (to which there is no real threat as the time it would take to reverse those).
Proofs
In Tenebrous's Video at 3:58 he says a server can "get any file on your computer" which is misleading.
He continues in the comments by saying as long as you didn't keep passwords in files, which is misleading again. This exploit cannot be practically used to get passwords, let alone any data in a file.
Conclusion
While yes this exploit is a medium is a severity as servers could brute-force or check predetermined file names, this exploit has no real world possibility of viewing the contents of files. And no, I'm not saying this mod isn't good to use or doesn't serve a porpose. @Sk1er don't get me wrong this is a well-made mod and I do still recommend using it for people who have a concern that somebody will illegally use this. I just think this needs to be more clear, in this repository, what the exploit can or cannot do as much of the traffic has been through Tene's misleading video.
Tene if you are reading this, I suggest having someone like Sk1er proof-read these videos before you publish them as he could have probably caught this mistake and helped you not miss-direct users.
Regards, Josh