|
| 01 Jan 2014 10:37 PM |
You do need Level 5 context to get to it, so you thankfully won't be able to do it online unless you had another way to get Level 5, so I am going to assume it's safe to post here.
This is a very weird exploit and I don't know exactly why this happens.
Open Roblox Studio, and go into a Test > Play Solo instance and paste this into the command bar:
a = Instance.new("BindableFunction")
a.OnInvoke = function() for _,i in pairs(getfenv()) do print(_.." - "..tostring(i)) end end
a:Invoke()
And what do you get?
The environment of http://www.roblox.com/Game/visit.ashx, a level 7 thread of course!
It finds its current environment to be:
a - Function
ifSeleniumThenSetCookie - function: 0xa85ae60
success - true
registerPlay - function: 0xa8543c0
visit - Visit
doVisit - function: 0xa839190
pcall - function: 0x6e75590
player - Player1
You can also try calling doVisit inside it
a = Instance.new("BindableFunction")
a.OnInvoke = function() doVisit() end
a:Invoke()
Doing so results in something like this:
19:54:55.806 - Local player already exists
19:54:55.806 - Script '[string ""]', Line 107 - global doVisit
19:54:55.806 - Script 'a = Instance.new("BindableFunction"); a.OnInvoke = function', Line 6
19:54:55.807 - stack end
19:54:55.807 - Local player already exists
19:54:55.807 - Script 'a = Instance.new("BindableFunction"); a.OnInvoke = function', Line 7
19:54:55.808 - stack end
The most notable thing is 19:54:55.806 - Script '[string ""]', Line 107 - global doVisit, as Line 107 in http://www.roblox.com/Game/visit.ashx is player = game:GetService("Players"):CreateLocalPlayer(0), which makes perfect sense that it's erroring with Local player already exists. The method is not locked to Level 5, though, but you are still accessing the environment of a level 7 thread. I haven't figured out a good way to be able to run my own code in Level 7 context, though, but I'm sure there's a way.
I doubt it's practical in any way because of all its requirements, but I just found it interesting. I also sent it to Sorcus for him to look at it.
That is all! Happy hacking! |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
|
| 01 Jan 2014 10:40 PM |
wut, are you dumb, or you really want to ruin roblox? we already got major idiotic kids running around destroying games, i don't want to deal with move much more powerful idiotic exploiters.
let this thread die and get deleted. |
| 01 Jan 2014 10:40 PM |
It makes sense that this happens. You're just the visit in play solo.
~LuaWeaver; Programmer, gamer, developer. |
| 01 Jan 2014 10:41 PM |
@misgav11: Shut up already. Can you even read? |
| 01 Jan 2014 10:41 PM |
| Mis, you can't do it online unless you have level 5 (which is highly unlikely) |
| 01 Jan 2014 10:42 PM |
| @TheLua It makes sense to spill out the environment of a Level 7 thread to lower level threads? |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
|
| 01 Jan 2014 10:42 PM |
| still, you're giving this away to the public. |
| 01 Jan 2014 10:42 PM |
It's not "spilling the environment".
~LuaWeaver; Programmer, gamer, developer. |
xSIXx
|
  |
| Joined: 06 Aug 2010 |
| Total Posts: 9202 |
|
|
| 01 Jan 2014 10:43 PM |
"Mis, you can't do it online unless you have level 5 (which is highly unlikely)"
then honestly, what's the fun? |
| 01 Jan 2014 10:44 PM |
| @xSIX it's not fun, but it's still level 7 |
| 01 Jan 2014 10:46 PM |
@mis I'm giving away an exploit that people can only do to themselves in studio.
It's harmless unless you have level 5, which rendersettings did have a year ago |
| 01 Jan 2014 10:47 PM |
I thought he had 3.
~LuaWeaver; Programmer, gamer, developer. |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
|
| 01 Jan 2014 10:47 PM |
| well on the positive side admins will see this and be aware. I'm neutral |
| 01 Jan 2014 10:48 PM |
| It hooked into corescripts (4), and he could then hook into a starterscript from there (5), and if this new exploit was known, you could get 7 |
| 01 Jan 2014 10:48 PM |
Misgav, I'd recommend staying out of the advanced discussion (or even basic) until you have a good understanding of Lua.
~LuaWeaver; Programmer, gamer, developer. |
| 01 Jan 2014 10:49 PM |
@mis It's an exploit that is unable to be released into the wild. I don't see the problem.
And besides, I haven't found out a good way to hook into it yet, if it worked at Level 1 (plugins), then I could hook into something like ifSelenumSetCookie or whatever it is |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
|
| 01 Jan 2014 10:53 PM |
TheLuaWeaver, huh? RyanDolan123, huh? and why do you want to exploit exactly? you do understand you give a lot of bad information for yourself if an admin is going to read this. |
Legend26
|
  |
| Joined: 08 Sep 2008 |
| Total Posts: 10586 |
|
|
| 01 Jan 2014 10:55 PM |
This code shows that the bindable part of this is moot.
for _,v in next, getfenv() do print(_,v) end
prints
visit Visit
registerPlay function: 0A5F8058
success true
a Function
doVisit function: 0A5F80B8
player Player1
ifSeleniumThenSetCookie function: 0A5F7CF8
It's strange that you have visit.ashx's environment, though. Especially considering command line / visit.ashx have different identities... |
|
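A model of the behaviour discussed in this thread, as an added example that is not part of any post and is not Roblox code: in plain Lua 5.1, two chunks handed the same environment table see each other's globals, while a fresh table per chunk keeps them apart. It assumes, without confirmation from the thread, that a shared environment table is the cause; the script bodies and the helpers `new_env` and `run_in` are constructed for illustration.

```lua
-- Added example for a plain Lua 5.1 interpreter (setfenv/loadstring are 5.1 APIs).
-- ASSUMPTION: the privileged script and the command bar share one environment
-- table. The thread does not establish this; it is only a model.

-- Constructed stand-in for a privileged bootstrap script that defines globals.
local privileged_src = [[
  player = "Player1"
  function doVisit() return "privileged work done" end
]]

-- Constructed stand-in for lower-privilege code typed into a command bar.
local untrusted_src = [[
  local seen = {}
  for name in pairs(getfenv()) do seen[#seen + 1] = name end
  table.sort(seen)
  return table.concat(seen, ",")
]]

-- Build a minimal environment. The real getfenv accepts a level argument and
-- getfenv(0) returns the thread's global table, so the sandbox exposes a
-- restricted version that can only ever return this one table.
local function new_env()
  local env = { pairs = pairs, table = table }
  env.getfenv = function() return env end
  return env
end

-- Compile a chunk and bind it to an explicit environment before running it.
local function run_in(env, src, chunkname)
  local chunk = assert(loadstring(src, chunkname))
  setfenv(chunk, env)
  return chunk()
end

-- Weak layout: both chunks share one table, so every global the privileged
-- script defined (its functions included) is visible to the later chunk.
local shared = new_env()
run_in(shared, privileged_src, "=privileged")
print("shared  :", run_in(shared, untrusted_src, "=untrusted"))

-- Isolated layout: each chunk gets its own table, so nothing crosses over.
run_in(new_env(), privileged_src, "=privileged")
print("isolated:", run_in(new_env(), untrusted_src, "=untrusted"))
```

The shared run lists `doVisit` and `player` next to the library names; the isolated run lists only what `new_env` granted.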
| 01 Jan 2014 10:55 PM |
| I tried changing the pcall function to hook in but it didn't call it with level 7. This could be a nice stepping stone to get a full level 7 exploit, which you can't use online, but hey, it's still level 7. |
MettaurSp
|
  |
| Joined: 20 Mar 2010 |
| Total Posts: 3179 |
|
|
| 01 Jan 2014 10:56 PM |
| misgav, look at RenderSettings. He pulls this (not quite so literally) all the time and the mods don't seem to care. Plus judging by the hat he has and what he said in a thread that I saw once, he turns the exploits in to the mods. |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
|
| 01 Jan 2014 10:58 PM |
"Plus judging by the hat he has" this is not a resole for pixel hats. and if the mods really don't care roblox is really corrupted then |
misgav11
|
  |
| Joined: 21 Apr 2011 |
| Total Posts: 3418 |
|
| |
|
|
| 01 Jan 2014 10:58 PM |
@Legend It's strange that you randomly get its environment by creating a BindableFunction and calling it yourself.
I accidentally found it when trying to find a level 4 exploit by trying to hook into CoreScripts using the bindablefunction in the backpack corescript. That failed, but when I checked the environment randomly I noticed the visit.ashx environment.
I have no clue why it does this, but it does. |
Legend26
|
  |
| Joined: 08 Sep 2008 |
| Total Posts: 10586 |
|
|
| 01 Jan 2014 11:00 PM |
| What I mean is when I test by simply iterating through getfenv() without the bindable, I get the same thing. I don't think the bindable is what's causing this. |
MettaurSp
|
  |
| Joined: 20 Mar 2010 |
| Total Posts: 3179 |
|
|
| 01 Jan 2014 11:00 PM |
http://www.roblox.com/Boss-White-Hat-item?id=89171071 This is what I was getting at with the hat thing. Only given to those who have exploited for the sake of Roblox. |