search

overextended / ox_inventory

Slot-based inventory with metadata.
https://overextended.dev/ox_inventory
GNU General Public License v3.0
458 stars 701 forks source link

Cheaters are able to get access to every trunk inventorys, using their numberplate #1744

Closed Kastrup-Dev closed 3 months ago

Kastrup-Dev commented 3 months ago

Describe the bug Here's an example: The cheater is in a vehicle with no stash. Then he uses the command to set the current vehicles license plate to the one just entered. So the number plate entered, if it had anything in the stash, then the stash would be in the cheater's vehicle now. I have a video from a YouTube video, which explains the exactly problem, watch until 0.45 seconds: https://www.youtube.com/watch?v=WoyWCsJ7yGo

Framework ESX

Resource version 2.40.2

To Reproduce I do not have any idea how to reproduce this "bug"

Expected behavior I hope you do so if this happens it will send logs to a webhook. In that webhook, you must be able to see who has "transferred" stash from one vehicle to another, so that you can ban the cheater

Screenshots I think it's better to watch the video i send

Additional context Add any other context about the problem here.

Kastrup-Dev commented 3 months ago

Sorry, i think i used the wrong label...

thelindat commented 3 months ago

So use a framework that actually supports vehicle ids? This isn't our problem to deal with - works great with ox_core and nd_core even.