multitheftauto / mtasa-resources

This project maintains a list of up-to-date resources that come with Multi Theft Auto.
https://multitheftauto.com
MIT License
151 stars 151 forks

Major Vulnerability #541

Closed MrSol0 closed 2 weeks ago

MrSol0 commented 2 weeks ago

🛑 DO NOT DISCLOSE SECURITY VULNERABILITIES PUBLICLY 🛑

Please refer to SECURITY.md for instructions on how to report security vulnerabilities responsibly.

All server-side events for the admin resource do not use "client" and instead use source, which enables attackers to spoof an admin by passing him as "source". This is very bad and has caused all my resources to be leaked by someone somehow using this vulnerability to openFiles and pass them to himself.

Dutchman101 commented 2 weeks ago

Looks like you didn't spend enough time to get familiar with the 'admin' codebase and made assumptions on how things work. Perhaps you realized, is that why you closed it again?

MrSol0 commented 2 weeks ago

> Looks like you didn't spend enough time to get familiar with the 'admin' codebase and made assumptions on how things work. Perhaps you realized, is that why you closed it again?

I'm actually very confused. The reason I made the assumption was because someone was able to use the admin panel to extract all server-side scripts using fileOpen; however, after further checking my own admin script from the backup, as I deleted it, it also had the player ~= client check. It just doesn't make sense how he was able to do it. All I know is he needed someone with p panel access online for him to execute code server side. I will have to investigate further from my end.

Dutchman101 commented 2 weeks ago

@MrSol0 Thanks for the feedback. Please make sure you got the latest version of the admin resource, that's often not the case with servers that have a customized version of it, lacking security patches, or those that simply don't keep default resources they use (like admin) up-to-date.

Also, I can't verify that your observation that the attack came from 'admin' is correct.

If you find something that can be backed up and is a problem, please forward details to the "Private Bugs" forum board instead of here. Otherwise, I wish you the best of luck and strength dealing with the consequences of the breach that occurred on your server, irrespective of what script security issue led up to it outside of 'admin'.
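
The `source` versus `client` distinction this thread turns on, as an added example that is not part of the thread and is not code from the admin resource: a weak handler that authorises the claimed `source` beside a hardened one that rejects any mismatch and authorises `client`. It runs under plain Lua; the dispatcher, event names, players and ACL table are constructed stand-ins for MTA's event system, not MTA APIs.

```lua
-- Constructed stand-in for MTA's server-side event dispatch (not MTA code).
-- In MTA, `client` is set by the server to the player whose connection sent
-- the event; `source` is the element the sender named as the event source.
local handlers = {}
local function addHandler(name, fn) handlers[name] = fn end
local function dispatch(name, sender, claimedSource, ...)
  client, source = sender, claimedSource   -- globals, as seen by MTA handlers
  local result = handlers[name](...)
  client, source = nil, nil
  return result
end

-- Constructed players and ACL: only alice holds the admin right.
local alice, mallory = { name = "alice" }, { name = "mallory" }
local admins = { [alice] = true }
local auditLog = {}

-- Weak form: authorises whoever the event claims to come from.
addHandler("demo:adminActionWeak", function(action)
  if not admins[source] then return "denied" end
  return "ran " .. action
end)

-- Hardened form: reject any source/client mismatch, then authorise `client`.
addHandler("demo:adminAction", function(action)
  if not client or source ~= client then
    auditLog[#auditLog + 1] = ("mismatch from %s"):format(client and client.name or "?")
    return "rejected"
  end
  if not admins[client] then return "denied" end
  return "ran " .. action
end)

-- Sender mallory names alice as the source element.
assert(dispatch("demo:adminActionWeak", mallory, alice, "kick") == "ran kick")
assert(dispatch("demo:adminAction", mallory, alice, "kick") == "rejected")
assert(dispatch("demo:adminAction", mallory, mallory, "kick") == "denied")
assert(dispatch("demo:adminAction", alice, alice, "kick") == "ran kick")
assert(auditLog[1] == "mismatch from mallory")
print("all checks passed; audit log: " .. table.concat(auditLog, "; "))
```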