• Backdoor report
    2 replies, posted
Malicious addon report Steam Workshop Link: Addon Title: ATM - Système de Banque complet Roleplay Type: Lua RunString Backdoor Description: Remote Client lua code execution. Allows any connected client to the server that the addon is installed on to remotely execute Lua code on the server, allowing them to have full control over the server including the ability to gain administrative priveleges and modify server settings. Severity: Severe Technical Description: On line 88 of lua\entities\ent_spring_atm\shared.lua a Net Reciever is created named "createpanel". This net reciever takes one argument as a string, The string is then run on the server as lua code, Allowing a malicious user to run a clientside script to using net.SendToServer() to run their own foreign lua code on the server. https://steamcommunity.com/sharedfiles/filedetails/?id=1314491361
Here is another backdoor attempt, It's incredibly bad. he posts the server info to a file in his webserver ( He removed this file because we flooded it. ) I like the idea of this thread because there seems to be a lot of backdoors on the workshop http://steamcommunity.com/sharedfiles/filedetails/?id=1325497083
Section Rules and Guidelines Second Post
Sorry, you need to Log In to post a reply to this thread.