Forum > Complaints >

The request() function

VisualPlugin

VisualPlugn't

Posts: 97

Threads: 23

Joined: Nov, 2021

Reputation: 7

Posted

After a few weeks of intermittent JJSploit crashes, I was able to trace my issues down to a single library function: request.  I looked into HttpService:RequestAsync(), which has the same argument structure as request.  But when I use it, I receive an error message stating that WRD disabled the function call 'for security reasons'.  My guess is that this was put in place to mitigate the ACE vulnerability from last month, but request seems to have suffered as a result.  I've noticed that many calls to request must be done to reproduce this crash; it's probably a memory-management issue.

 

for i=1,66e5 do
request{Url='google.com'}
end

Within seconds after I ran this script, JJSploit crashed on me.

 

I run a chatlogger on my client and save them to a public Discord channel.  Though I can also store these logs to a file using writefile, having reliable, real-time HTTP connectivity without additional software would help JJSploit as reliable as we expect it to be.

 

Thank you in advance for the bug fixes!

  • 1

Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.

SeizureSalad

i love femboys

Posts: 1012

Threads: 73

Joined: Mar, 2021

Reputation: 37

Replied

my guy i think it's the fact that you're trying to send 6,600,000 requests to google.com without a single wait lol

  • 0

"Questionable intellegence, but I like the mystery" - CubeFaces

https://cdn.discordapp.com/attachments/1136067487847415848/1138948596679589898/sig.png

VisualPlugin

VisualPlugn't

Posts: 97

Threads: 23

Joined: Nov, 2021

Reputation: 7

Replied

@SeizureSalad

 

Hi.  I've used the process of elimination to figure out which of my scripts that run upon injection is causing the issue.  I can say with 80% confidence that request is the culprit.

 

If request were properly managed, my executor wouldn't have crashed with an unknown-symbol exception (i.e., when a 'Fatal error' popup comes up) as it did.

 

I've run other routines far more times and the VM was able to manage just fine.

 

function f(i)return i==1 and 1 or f(i-1)end
f(1e7)

The VM prints a stack-overflow exception to the devconsole; JJSploit is still running fine even under deep recursion, even if f is wrapped under newcclosure.

 

local t={}
for i=1,1e5 do
t[i]={}
for j=1,1e5 do
t[i][j]=i
end
end

Still no crash.  JJSploit simply prints that there is 'not enough memory' and terminates the thread.

  • 0

Added

@_realnickk

 

Hi.  The purpose of my post is to inform developers working in WRD about my findings.  To my knowledge, exploiters don't really interact outside of Rōblox other than with game:HttpGet to load external scripts.  Synapse, and thus JJSploit, have a library function that allows POST requests to be made that game:HttpGet doesn't really have access to.

  • 0

Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )