Malicious addon report
Steam Workshop Link:
Addon Title: ATM - Système de Banque complet Roleplay
Type: Lua RunString Backdoor
Description: Remote Client lua code execution. Allows any connected client to the server that the addon is installed on to remotely execute Lua code on the server, allowing them to have full control over the server including the ability to gain administrative priveleges and modify server settings.
Severity: Severe
Technical Description: On line 88 of lua\entities\ent_spring_atm\shared.lua a Net Reciever is created named "createpanel". This net reciever takes one argument as a string, The string is then run on the server as lua code, Allowing a malicious user to run a clientside script to using net.SendToServer() to run their own foreign lua code on the server.
https://steamcommunity.com/sharedfiles/filedetails/?id=1314491361
Here is another backdoor attempt, It's incredibly bad. he posts the server info to a file in his webserver ( He removed this file because we flooded it. )
I like the idea of this thread because there seems to be a lot of backdoors on the workshop
http://steamcommunity.com/sharedfiles/filedetails/?id=1325497083
Section Rules and Guidelines
Second Post
Sorry, you need to Log In to post a reply to this thread.