citizenfx / fivem

The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer.
https://cfx.re/

Exploit using "SetVehicleExclusiveDriver_2" #2553

Closed chozr7 closed 3 months ago

chozr7 commented 4 months ago

What happened?

There are cheaters currently executing the code below

local vehicles = GetGamePool('CVehicle')

for i = 1, #vehicles do
    SetVehicleExclusiveDriver_2(vehicles[i], PlayerPedId(), 1)
end

and this is making it so that if they are in a car near them it kicks them out, and if they are trying to get in they are NOT able to get back into the driver seat.

Expected result

Work the same but should own the vehicle before setting it.

Reproduction steps

  1. Load up into any server
  2. Go to an area populated with vehicles
  3. Run the provided snippet above
  4. You will see that no one is able to get into the driver seat

Importancy

Slight inconvenience

Area(s)

FiveM, OneSync, Natives, ScRT: Lua

Specific version(s)

FiveM Artifacts 8151, Server Game Build 2802, windows

Additional information

No response

ook3D commented 4 months ago

I don't see how this is an issue with FiveM? Am I missing something?

chozr7 commented 4 months ago

> I don't see how this is an issue with FiveM? Am I missing something?

You're saying that people should be able to exploit a native?

ook3D commented 4 months ago

> I don't see how this is an issue with FiveM? Am I missing something?

> You're saying that people should be able to exploit a native?

I'm saying that just because your server is written poorly, it doesn't mean the native itself is fundamentally flawed.

AvarianKnight commented 4 months ago

> I don't see how this is an issue with FiveM? Am I missing something?

> You're saying that people should be able to exploit a native?

> I'm saying that just because your server is written poorly, it doesn't mean the native itself is fundamentally flawed.

How is this because a server is poorly written?

chozr7 commented 4 months ago

> I don't see how this is an issue with FiveM? Am I missing something?

> You're saying that people should be able to exploit a native?

> I'm saying that just because your server is written poorly, it doesn't mean the native itself is fundamentally flawed.

You're clearly not smart; go ahead and read it, it works in any server.

chozr7 commented 4 months ago

Also not sure how this COULD HAVE ANYTHING to do with how a server is written.

V3SC commented 4 months ago

Doesn't sv_filterRequestControl prevent this from happening?

tens0rfl0w commented 4 months ago

> Doesn't sv_filterRequestControl prevent this from happening?

Invoking this native on a remotely owned entity ignores all ownership and currently implemented filter checks.

The game event in question is SCRIPT_ENTITY_STATE_CHANGE_EVENT with type SET_EXCLUSIVE_DRIVER.

Parsing this event and exposing its handler to ScRTs, or adding some filter checks, could be a proper fix here.
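To make the proposed fix concrete, here is an added example (not code from the citizenfx/fivem repository and not an existing FXServer handler) that models the ownership filter tens0rfl0w describes for a SET_EXCLUSIVE_DRIVER state change. It runs in plain Lua 5.x: the event table shape (`sender`, `entity`, `type`), the `ownerOf` table and the `REJECT_THRESHOLD` value are assumptions, standing in for the real entity owner lookup that a server-side handler would consult. Because the snippet in the report walks every vehicle in the pool, a burst of rejected changes from one sender is also tracked as a detection signal.

```lua
-- Added example, not FiveM/FXServer code. Models the ownership filter
-- suggested in the thread for SCRIPT_ENTITY_STATE_CHANGE_EVENT with type
-- SET_EXCLUSIVE_DRIVER, plus a simple per-sender rejection counter.

-- Constructed ownership table: entity id -> network owner (player source).
-- Assumption: in a real handler this comes from the server's entity owner
-- lookup rather than a static table.
local ownerOf = { [100] = 1, [101] = 1, [102] = 2, [103] = 3 }

local SET_EXCLUSIVE_DRIVER = "SET_EXCLUSIVE_DRIVER" -- state-change type named in the thread

-- Rejected state changes per sender; used as a detection signal.
local rejectedBySender = {}
local REJECT_THRESHOLD = 5 -- assumed alerting threshold for this example

local function senderOwnsEntity(sender, entity)
    return ownerOf[entity] ~= nil and ownerOf[entity] == sender
end

-- Decide whether a state change from event.sender may apply to event.entity.
-- Returns allowed (boolean) and a reason string for logging.
local function filterStateChange(event)
    if event.type ~= SET_EXCLUSIVE_DRIVER then
        return true, "type not filtered by this example"
    end
    if senderOwnsEntity(event.sender, event.entity) then
        return true, "sender owns entity"
    end
    rejectedBySender[event.sender] = (rejectedBySender[event.sender] or 0) + 1
    return false, "sender does not own entity"
end

-- True once a sender has hit the rejection threshold (worth alerting on).
local function isSuspicious(sender)
    return (rejectedBySender[sender] or 0) >= REJECT_THRESHOLD
end

-- Constructed sample traffic: player 2 updates its own vehicle legitimately,
-- then player 3 touches every vehicle in the pool the way the reported
-- snippet does (player 3 owns only entity 103).
local events = {
    { sender = 2, entity = 102, type = SET_EXCLUSIVE_DRIVER },
}
for _, entity in ipairs({ 100, 101, 102, 103, 100, 101 }) do
    events[#events + 1] = { sender = 3, entity = entity, type = SET_EXCLUSIVE_DRIVER }
end

for _, ev in ipairs(events) do
    local ok, reason = filterStateChange(ev)
    print(string.format("sender=%d entity=%d -> %s (%s)",
        ev.sender, ev.entity, ok and "ALLOW" or "DROP", reason))
end

-- Player 2 made one legitimate change; player 3 had five changes dropped.
assert(not isSuspicious(2))
assert(isSuspicious(3))
```

The filter only answers the ownership question; what the server then does with a flagged sender (log, drop the change, or escalate) is a policy decision that this example leaves to the operator.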