Forum > Complaints >
The request() function
Posted
After a few weeks of intermittent JJSploit crashes, I was able to trace my issues down to a single library function: request. I looked into HttpService:RequestAsync(), which has the same argument structure as request. But when I use it, I receive an error message stating that WRD disabled the function call 'for security reasons'. My guess is that this was put in place to mitigate the ACE vulnerability from last month, but request seems to have suffered as a result. I've noticed that many calls to request must be done to reproduce this crash; it's probably a memory-management issue.
for i=1,66e5 do
request{Url='google.com'}
end
Within seconds after I ran this script, JJSploit crashed on me.
I run a chatlogger on my client and save them to a public Discord channel. Though I can also store these logs to a file using writefile, having reliable, real-time HTTP connectivity without additional software would help JJSploit as reliable as we expect it to be.
Thank you in advance for the bug fixes!
Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.
Replied
my guy i think it's the fact that you're trying to send 6,600,000 requests to google.com without a single wait lol
Cancel
Post
"Questionable intellegence, but I like the mystery" - CubeFaces
https://cdn.discordapp.com/attachments/1136067487847415848/1138948596679589898/sig.png
Replied
Hi. I've used the process of elimination to figure out which of my scripts that run upon injection is causing the issue. I can say with 80% confidence that request is the culprit.
If request were properly managed, my executor wouldn't have crashed with an unknown-symbol exception (i.e., when a 'Fatal error' popup comes up) as it did.
I've run other routines far more times and the VM was able to manage just fine.
function f(i)return i==1 and 1 or f(i-1)end
f(1e7)
The VM prints a stack-overflow exception to the devconsole; JJSploit is still running fine even under deep recursion, even if f is wrapped under newcclosure.
local t={}
for i=1,1e5 do
t[i]={}
for j=1,1e5 do
t[i][j]=i
end
end
Still no crash. JJSploit simply prints that there is 'not enough memory' and terminates the thread.
Cancel
Post
Added
Hi. The purpose of my post is to inform developers working in WRD about my findings. To my knowledge, exploiters don't really interact outside of RÅblox other than with game:HttpGet to load external scripts. Synapse, and thus JJSploit, have a library function that allows POST requests to be made that game:HttpGet doesn't really have access to.
Cancel
Post
Your SUPREME RESPECTED LEADER VISUALPLUGIN blesses the current occasion which attracts you to my presence.
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post