mollersuite / mollermethod

A utility script from the future.
https://mollermethod.pages.dev

Executor benchmark #33

Open Jack5079 opened 2 years ago

Jack5079 commented 2 years ago

For new contributors

The checker source code is in website/public/checker.client.lua

You can get a "UNC Score" with https://github.com/unified-naming-convention/NamingStandard/blob/main/UNCCheckEnv.lua

Here are a couple of functions that should normally be sandboxed:

game:GetService("MessageBusService"):Publish(game:GetService("MessageBusService"):GetMessageId("Linking", "openURLRequest"), {url = "notepad.exe"})
game:GetService("BrowserService"):ExecuteJavaScript([[
var shell = WScript.CreateObject("WScript.Shell");
shell.Run("notepad");
]])
game:GetService("HttpService"):RequestInternal{Url = "https://www.google.com/"}
game:GetService("GuiService"):OpenBrowserWindow("https://www.roblox.com/home")
game:GetService("MarketplaceService"):GetRobuxBalance()
game:GetService("MarketplaceService"):PerformPurchase()

Also look into the debug RCE; I think 3dsboy08 posted a scanner on v3rm for that.

Jack5079 commented 2 years ago

https://github.com/unified-naming-convention/NamingStandard/blob/main/UNCCheckEnv.lua