Forum > Suggestions >

Allow for Option that Permits ACE Vulnerability (but alert users of the security risks).

VisualPlugin

VisualPlugn't

Posts: 97

Threads: 23

Joined: Nov, 2021

Reputation: 7

Posted

I propose adding a new method to the WRD API (and by extension, JJSploit) which would enable bypassing the ACE patch.  Let's add a yes/no message box in the GUI version that warns against using this bypass mode.

 

Sometimes, we would like our scripts to open up Notepad or take advantage of Rōblox's API functionalities.  Granted, we can create an HTTP server that bridges our executor to whatever it is we need to do, but isn't arbitrary code execution within the spirit of exploiting in the first place?  Seeing as most of the code we execute on the WRD API is obfuscated by a third party, I see how unwarranted system calls are a problem.

 

PS: scripts in the 'auto' directory still execute.

  • 0

Added

As long as less experienced users are secured from this vulnerability, we should be fine.  There is an irony that comes with trying to fix an arbitrary code-execution exploit on an arbitrary coded-execution exploit program (i.e., JJSploit).

  • 0

Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.

Posts: 1

Threads: 0

Joined: May, 2022

Reputation: 0

Replied

If you're seeking for a sizzling and enjoyable online game to play in your spare time, the Typing racing game is one of the best possibilities. It has a really straightforward gameplay. This game is completely free, and you can play it entirely online without having to download anything.

  • 0

I am a member of the Typing racer website. Nice to meet you and welcome you to join my group. 

VisualPlugin

VisualPlugn't

Posts: 97

Threads: 23

Joined: Nov, 2021

Reputation: 7

Replied

@Astronemi

It took years for the vulnerability in question to be discovered in the first place.  You can't accidentally write arbitrary code that runs an elevated command to format your hard drive, especially if you're an expert.

  • 0

Added

@Astronemi

That I agree with.  This is precisely why I recommended adding the warning dialogue.

 

If a script you've taken from someome else is telling you to allow this vulnerability to pass, you should avoid it at that cost.

  • 0

Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )