search

citizenfx / fivem

The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer.
https://cfx.re/
3.45k stars 2.05k forks source link

Assembly.Load Exploit C# #2353

Open PlantBronze opened 7 months ago

PlantBronze commented 7 months ago

What happened?

Assembly.Load and MemoryStream function can be manipulated in client sided c# to load bytes onto the clients pc

Expected result

nothing

Reproduction steps

This is a small example of some c# that returns the bytes from plain UTF8

        string data = "Test UTF8 Data, this will be converted into bytes and printed, which can be manipulated into retrieving it from another source than this current specified one";
        byte[] dataBytes = Encoding.UTF8.GetBytes(data);
        memoryStream.Write(dataBytes, 0, dataBytes.Length);

        byte[] resultBytes = GetMemoryStreamBytes(memoryStream);

        Debug.WriteLine("Original Data: " + data);
        Debug.WriteLine("Bytes from MemoryStream: " + BitConverter.ToString(resultBytes));

Importancy

Security issue

Area(s)

FiveM, ScRT: C#

Specific version(s)

FiveM

Additional information

No response

PlantBronze commented 7 months ago

Also the reporter who deleted it made an own "anticheat" XD

benzyme16 commented 7 months ago

Also the reporter who deleted it made an own "anticheat" XD

which is legitimate, imagine pasting, skiddo

benzyme16 commented 7 months ago

try and make ur own stuff, its great people can see who posted this first

0x98a commented 7 months ago

damn imagine looking through deleted issues and reposting them, they would have seen it either way (and they have already)

0x98a commented 7 months ago

even making it worse that ur bio is "fivem developer"

neptunium-cfx commented 7 months ago

Please guys - there's no need for any sort of weird drama here.