Forum > General >

How to fix IO and OS vulnerabilities in Lua source

WRD

Owner

admin

Posts: 990

Threads: 33

Joined: Dec, 2016

Reputation: 106

Posted

Before I start, the WeAreDevs API and all exploits using it like JJSploit are already safe from this. This thread was meant for exploits that haven't fixed it. Lua wrappers are likely using the Lua 5.1 source from lua.org. Directly downloading that and using it for exploits does open some vulnerabilities. Specifically, the OS library has an execute method which lets you run commands directly to Window's command line. For example, the os.execute("shutdown") script would shut down the computer. If you're familiar with the power of the command line, you'd know that this can open much worse, but I don't want to give anyone ideas. The IO library lets you read and write files on the computer. This opens the ability to read files which would store login cookies or anything else you consider personal.

 

If you're not the developer of an exploit and want to run scripts without worry, run this script to block the exploitable functions.

os.execute = nil

os.remove = nil

os.rename = nil

os.tmpname = nil

io = nil

If that doesn't work, then try this

os=nil

io=nill

 

The above is not recommended as the functions are still accessible, but they're a wall you can put up. There's not much else you can do if you're only a consumer. If you are the developer of an exploit, you will want to navigate to the IO and OS libraries and remove the vulnerabilities entirely. You can find them in loslib.c and loslib.c

  • 0

I'm just a chill guy fr 🤙

classiccat

#becomeacat

vip

Posts: 418

Threads: 1

Joined: Aug, 2019

Reputation: -47

Replied

Vouch on my couch in my house.

  • 0

...

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )