lihka
|
  |
| Joined: 23 Dec 2008 |
| Total Posts: 22 |
|
|
| 07 Sep 2015 01:43 PM |
So with all this Stigma crap, EISS is not enough. Another user has taken the time to write a small script to crash all Stigma users.
coroutine.wrap(coroutine.create(function() repeat wait(0.1) for _,v in pairs(game.Players:GetChildren()) do if v.userId == game.CreatorId or v.Name == game.Players:GetNameFromUserIdAsync(game.CreatorId) then for i = 1, 10000 do local hopper = Instance.new("HopperBin", v.Backpack) hopper.Name = "gtfo" -- you can change the name to whatever you want (keep it small) end end end until false end)) |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:44 PM |
Bless you sir. Altho I'll leave it to the more advanced scripters to say whether or not this can be bypassed.
choo choo |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:46 PM |
No, please stop. This script sucks.
It doesn't matter anyways because Roblox has disabled code execution until this is fixed. |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:47 PM |
Wait this would also crash the ACTUAL owner of the game.
choo choo |
|
|
| Report Abuse |
|
|
lihka
|
  |
| Joined: 23 Dec 2008 |
| Total Posts: 22 |
|
|
| 07 Sep 2015 01:48 PM |
| Stigma relies on the exploiter having the creator's id. I do not feel that this can be bypassed. Most Stigma users will receive infractions on their accounts as they have been Friending users such as Roblox or EISS has logged their account id. |
|
|
| Report Abuse |
|
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 07 Sep 2015 01:48 PM |
"EISS is not enough"
LMFAO!!!!
The anti-exploit part of that admin script is terrible.
Muad'Dib |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:49 PM |
| You do realize that crashes the actual owner too? |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 07 Sep 2015 01:49 PM |
LOL this is so bad All they have to do is destroy their backpack |
|
|
| Report Abuse |
|
|
| |
|
chimmihc
|
  |
| Joined: 01 Sep 2014 |
| Total Posts: 17143 |
|
|
| 07 Sep 2015 01:50 PM |
http://www.roblox.com/Epix-Incorporated-Server-Suite-EISS-item?id=145629584
Muad'Dib |
|
|
| Report Abuse |
|
|
| |
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 07 Sep 2015 01:53 PM |
userid replicates to server, username does not, just do a simple check if their name is the same as the creators with the same id if player.userId==game.CreatorId and player.Name ~= game.Players:GetNameFromUserIdAsync(game.CreatorId) then --crash a noob end
or if you want to check if they are faking anyone else
if player.Name ~= game.Players:GetNameFromUserIdAsync(player.userId) then --crash a noob end |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:54 PM |
Awww sheet Scripth gettin all up in dis joint
choo choo |
|
|
| Report Abuse |
|
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 07 Sep 2015 01:55 PM |
| yeah, this is somewhat in EISS already, but sceleratis was 1 day'd for a stupid reason and can't update his script |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 01:56 PM |
@Scripth But the second script would Kick anyone who isn't the creator. |
|
|
| Report Abuse |
|
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 07 Sep 2015 01:59 PM |
| forever you're so high m8 reread the second script |
|
|
| Report Abuse |
|
|
| |
|
Wowgnomes
|
  |
| Joined: 27 Sep 2009 |
| Total Posts: 26255 |
|
|
| 07 Sep 2015 02:00 PM |
| If you kick anyone who isn't the creator then I guess you win |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 02:04 PM |
Scripth, I have 2 questions.
1. Does your Anti-Exploit auto update? 2. If yes, will you be adding the anti-stigma to it?
If yes to both, then <3
choo choo |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 02:06 PM |
| There would be no point adding that anti-exploit because server-side code execution has been disabled until they patch it. |
|
|
| Report Abuse |
|
|
| |
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 07 Sep 2015 02:08 PM |
forever you don't understand all the issues with the exploit, even without serverside execution they can substitute their userid with anyone elses to fake out a script to give them privileges this mean any admin commands or any script based around userids are vulnerable to this exploit
rocky: i haven't updated my anti-exploit in a while, after i update it in scripth's ill move it over and update my anti-exploit model as well |
|
|
| Report Abuse |
|
|
|
| 07 Sep 2015 02:09 PM |
Even DataStores that go by userId, correct?
choo choo |
|
|
| Report Abuse |
|
|
Wowgnomes
|
  |
| Joined: 27 Sep 2009 |
| Total Posts: 26255 |
|
|
| 07 Sep 2015 02:10 PM |
Dude who uses userid what is this nasa
Match string values guys |
|
|
| Report Abuse |
|
|
Scripth
|
  |
| Joined: 23 Jun 2013 |
| Total Posts: 1724 |
|
|
| 07 Sep 2015 02:11 PM |
| @rocky if you use player.userId at all in your scripts they can fake being someone else, steal their save on a game, get admin privileges, have access to things they shouldn't normally have access to, accept/send friend requests on an userid that isn't yours |
|
|
| Report Abuse |
|
|