Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 28 Dec 2016 06:20 PM |
For those who don't know, game.GetObjects is a function which, according to the API changelog on Anaminus' github, was removed in version 0.215.0.64271. However, for some reason this method can still be used in scripts with the PluginSecurity level. This is an issue because it allows people to steal the source of private modules, and potentially be able to take the contents of a game. An example: c6017b75ebe1ccc9bef1c973d3029d36.png (domain is ozayg backwards).
Now that we've InsertService, there's no need for game.GetObjects, and it's just a security risk at this point. I urge whoever has the power to put this into action, or whoever has the connections to inform those who do, to deal with this substantial issue. Thank you! |
|
|
| Report Abuse |
|
|
Borsy
|
  |
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
|
|
| 28 Dec 2016 06:35 PM |
no idea why you're suggesting this, you can't load a private module in any way other than if it wasn't private or you owned it, this includes using GetObjects (also i see you weren't able to make up your mind whether its "game.GetObjects", or a function "game:GetObjects")
|
|
|
| Report Abuse |
|
|
powdercat
|
  |
| Joined: 27 Dec 2011 |
| Total Posts: 2197 |
|
|
| 28 Dec 2016 07:06 PM |
I don't script, but I'm glad you explained it so I can understand it. Support.
The Hippie of S&I. r+://536746421 |
|
|
| Report Abuse |
|
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 28 Dec 2016 07:35 PM |
@Borsy
If you actually look at the link I added, you'll see that you CAN use it to get the source of a private module. I refer to it as game.GetObjects because it's a member function of game. game:GetObjects() is the same as game.GetObjects(game). I'm not entirely sure why you mention that, though, as it's pedantic and completely irrelevant to the problem at hand. |
|
|
| Report Abuse |
|
|
|
| 28 Dec 2016 07:40 PM |
| You were only able to do this because you uploaded the model. |
|
|
| Report Abuse |
|
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 28 Dec 2016 07:46 PM |
This is a private module which I did not upload. https://www.roblox.com/library/539232410/module
This is the result from running that same code, but using the above module instead (aforementioned domain name). /c6ac306de69f97d31615967e58b8d186.png
It is not limited to models which I uploaded. |
|
|
| Report Abuse |
|
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 28 Dec 2016 08:06 PM |
| Generally I dislike bumping, but this needs to be noticed. Bump. |
|
|
| Report Abuse |
|
|
|
| 28 Dec 2016 09:20 PM |
| I stand corrected, this does seem to a pretty major security issue. ROBLOX - FIXITFIXITFIXIT. |
|
|
| Report Abuse |
|
|
hajimeme
|
  |
| Joined: 03 Aug 2010 |
| Total Posts: 676 |
|
|
| 28 Dec 2016 09:28 PM |
| sure, i don't get all your scripting fancy talk, but support. |
|
|
| Report Abuse |
|
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 28 Dec 2016 11:23 PM |
| Apologising in advance for another bump; this is very concerning to me and I am hoping raising awareness will help it get fixed. |
|
|
| Report Abuse |
|
|
|
| 28 Dec 2016 11:26 PM |
@Pyrondon
No need to apologize for your bumps. This suggestion is great, and it needs to be implemented as soon as possible. Bump as much as you need to.
Also, I support this suggestion. |
|
|
| Report Abuse |
|
|
Tinfold
|
  |
| Joined: 11 May 2010 |
| Total Posts: 1435 |
|
|
| 28 Dec 2016 11:46 PM |
| I hope this thread gets buried so I can use this |
|
|
| Report Abuse |
|
|
|
| 28 Dec 2016 11:49 PM |
Sounds like something that should be used in a Roblox "Antivirus"
So it would use like game.GetObjects = Vaccine and then destroy all vaccine scripts in the workspace?
I Don't know scripting.
HEY I MIGHT HAVE SCRIPTING IN MY GAMES BUT THEY AREN'T STOLEN I USED TUTORIALS DAMMIT!
LENNYFACE IS 4 MAGGOSTS! ( ͡° ͜ʖ ͡°) AHHHHHHHHHHHHHHHHHHHHHH ALL TEH MAGGOSTS ( ͡° ͜ʖ ͡°) NICE MEMESIES U HAS DERE ( ͡° ͜ʖ ͡°) |
|
|
| Report Abuse |
|
|
| |
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
| |
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
| |
|
| |
|
|
| 29 Dec 2016 10:02 AM |
I just tried what you've done and it only works with modules that you have uploaded otherwise it returns this error: 409 - User is not authorizhed to acess asset. p"r"n"t"."s"c/dpcgld (^remove the quotation marks^)
- 𝓣𝓱𝓮𝓐𝓭𝓭𝓲𝓬𝓽𝓟𝓵𝓪𝔂𝓮𝓻 | Current RAP: R$576 | #DownWithSift |
|
|
| Report Abuse |
|
|
Pyrondon
|
  |
| Joined: 01 Sep 2013 |
| Total Posts: 81 |
|
|
| 29 Dec 2016 02:46 PM |
I tested it out above with a random module from the library, which I did not upload. It allowed me to see the source of it.
I'm not sure why you got that error, but I know it isn't limited to modules which I uploaded. |
|
|
| Report Abuse |
|
|
Borsy
|
  |
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
|
|
| 29 Dec 2016 03:12 PM |
"If you actually look at the link I added, you'll see that you CAN use it to get the source of a private module" no, it worked because you CREATED the private module. try it with a private module made by someone else and it wont work
|
|
|
| Report Abuse |
|
|
Borsy
|
  |
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
|
|
| 29 Dec 2016 03:16 PM |
try getting the source code of this module then https://www.roblox.com/library/592663076/Private-Module
|
|
|
| Report Abuse |
|
|
|
| 29 Dec 2016 03:55 PM |
| Borsy, I believe it only affects modules named MainModule. I am unable to retrieve your source code but I could retrieve other private module source code. |
|
|
| Report Abuse |
|
|