Posted
Hello Guys!
Sadly, Roblox has a new giant vulnerability that I'm trying to spread awareness about. The vulnerability allows the executor of the method to run any JS code on your Roblox account, with you just joining a game. They usually run a JS code to steal all of your Robux and then terminate you. (the robux-stealing-part has only been added since a few hours). I summarized everything I know about this after voice-chatting with the creator of this giant vulnerability (I don't support his actions.) Even Youtubers with millions of subscribers have been termed as of now.
Here's my summarization of what exactly happened:
https://cdn.discordapp.com/attachments/978752694007242852/998664577241854013/unknown.png
EDIT: They got a roblox admin to join their game, means more and more games are possibly backdoored
NEW UPDATE: 200K ACCOUNTS HAVE BEEN BANNED! KOHLS ADMIN GOT HACKED (A LOT OF GAMES USE THIS PLUGIN) BEWARE!
https://media.discordapp.net/attachments/995074105747439616/998930568215539842/unknown.png
fka as delta
Replied
reminds me a bit of log4j / log4shell. thanks for the heads up
Cancel
Post
Replied
really proves that all roblox cares about is money
Cancel
Post
Did I mention I use arch btw?
Replied
I think this was inevitable and we all saw it coming, roblox deserved it in every way. good job dwc :)
"The vulnerability allows the executor of the method to run any JS code on your Roblox account, with you just joining a game." until theres solid proof I dont believe that, in fact there isnt much proof on this thread except for the fact that games can now get you banned, that is true information.
please next time try to polish up the thread and with proof of the interview and everything thanks
https://cdn.discordapp.com/emojis/719305986703228978.png
Cancel
Post
Replied
let me correct you here, it isnt a JS code, its a roblox feature (https://developer.roblox.com/en-us/api-reference/function/StarterGui/SetCore) it uses
"MessagePosted"
it makes it so roblox thinks u are typing these manually. and the robux stealing is just the same thing was 2021, its just a gui hiding the buy button, khols admin isnt hacked, only the fake ones are, also there is a new method to inject a backdoor to any game, only like 10 ppl have it, that means that they can just enter adopt me and *boosh* (i think, not confirmed)
Cancel
Post
https://cdn.discordapp.com/attachments/996450127302639678/996455385064022126/unknown.png
https://cdn.discordapp.com/attachments/952278170382524497/996457107886972959/unknown.png
fka as delta
Users viewing this thread:
( Members: 0, Guests: 0, Total: 0 )
Cancel
Post