Closed adrian-goe closed 3 years ago
The user under which the code is running does not have permission to do any harm to the server. There have been a few outbreaks, but those have been fixed, and currently there is no known way to destroy or stop the runner. Also, the code is running inside a container (lxc), so even if there were a potential outbreak, unless you find a way to get out of the lxc container, which would be a huge bug, there is no way to get to the host PC, which means that the maximum you can do is destroy the runner. EM has invited everyone to try and break the bot, and as far as I know there was 1 big bug that has been fixed by that. If you find a new one, you can join us on the Discord server and show us what you have.
Hi, I found the bot on a server and had to try a bit. Apparently you can do everything without any problems. Things like
console.log(process.env)
are relatively harmless. Should that be executed?
When running the following code, there is no response, which leads me to believe that things are possible that shouldn't necessarily be possible.
/run python
Or this command returns all processes:
/run python
So there could be attacks. I have not tested curl with execution. Maybe you should have a look at it.
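A runner-side check for the environment exposure raised in this issue, as an added example that is not code from this project or from anyone in the thread: it starts the submitted snippet with an allowlisted environment and a time limit, then runs the same `process.env` probe to confirm nothing else is visible. The allowlist, the function names and the `BOT_TOKEN` variable are hypothetical.

```javascript
const { spawnSync } = require('node:child_process');

// Assumption: the only variables a submitted snippet needs from the bot process.
const ENV_ALLOWLIST = ['PATH', 'LANG', 'HOME'];

// Copy allowlisted variables only, so bot secrets never reach the child.
function buildRunnerEnv(parentEnv, allowlist = ENV_ALLOWLIST) {
  const env = {};
  for (const name of allowlist) {
    if (typeof parentEnv[name] === 'string') env[name] = parentEnv[name];
  }
  return env;
}

// Run one snippet in a child Node process with the reduced environment,
// a wall-clock limit and an output cap.
function runSnippet(source, parentEnv = process.env, timeoutMs = 5000) {
  const res = spawnSync(process.execPath, ['-e', source], {
    env: buildRunnerEnv(parentEnv),
    encoding: 'utf8',
    timeout: timeoutMs,
    maxBuffer: 64 * 1024,
  });
  return {
    stdout: res.stdout || '',
    status: res.status,
    timedOut: Boolean(res.error && res.error.code === 'ETIMEDOUT'),
  };
}

// Self-check: run the probe from the issue inside the child and report any
// variable name it can see that is not on the allowlist.
function auditRunnerEnv(parentEnv = process.env) {
  const probe = 'console.log(JSON.stringify(Object.keys(process.env)))';
  const { stdout } = runSnippet(probe, parentEnv);
  return JSON.parse(stdout).filter((name) => !ENV_ALLOWLIST.includes(name));
}

// Constructed parent environment; BOT_TOKEN is a placeholder, not a real secret.
const sampleParentEnv = { PATH: process.env.PATH, BOT_TOKEN: 'constructed-placeholder' };
console.log('names visible outside allowlist:', auditRunnerEnv(sampleParentEnv));
```

Environment scrubbing complements the unprivileged user and lxc isolation described in the reply; it does not replace them.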