Posted
Before I start, the WeAreDevs API and all exploits using it like JJSploit are already safe from this. This thread was meant for exploits that haven't fixed it. Lua wrappers are likely using the Lua 5.1 source from lua.org. Directly downloading that and using it for exploits does open some vulnerabilities. Specifically, the OS library has an execute method which lets you run commands directly to Window's command line. For example, the os.execute("shutdown") script would shut down the computer. If you're familiar with the power of the command line, you'd know that this can open much worse, but I don't want to give anyone ideas. The IO library lets you read and write files on the computer. This opens the ability to read files which would store login cookies or anything else you consider personal.
If you're not the developer of an exploit and want to run scripts without worry, run this script to block the exploitable functions.
os.execute = nil
os.remove = nil
os.rename = nil
os.tmpname = nil
io = nil
If that doesn't work, then try this
os=nil
io=nill
The above is not recommended as the functions are still accessible, but they're a wall you can put up. There's not much else you can do if you're only a consumer. If you are the developer of an exploit, you will want to navigate to the IO and OS libraries and remove the vulnerabilities entirely. You can find them in loslib.c and loslib.c
I'm just a chill guy fr 🤙
Replied
Vouch on my couch in my house.
Cancel
Post
...
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post