|
| 28 Mar 2012 08:45 AM |
I'm guessing you all probably know about these... but just in case;
http://www.roblox.com/IDE/ClientToolbox.js http://www.roblox.com/js/extensions/string.js http://www.roblox.com/js/AjaxHelper.js http://www.roblox.com/js/jquery-1.4.4.min.js http://www.roblox.com/game/visit.ashx http://www.roblox.com/game/studio.ashx http://www.roblox.com/IDE/ClientSetsToolbox.aspx |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 08:47 AM |
Whoops, I forgot two...
http://www.roblox.com/ScriptResource.axd?d=Xdb16artqbtYP9Z1A6K0zY-UyiHrpUVpBQKUPrvLJ3IqMQc697DStc1ztG2P_jMxNuyEWBZpLtGcjSdiWUY1H4uX1F8m9oRiNmbKHtESOrSgAGQAE4fMJn-k4DZO0mu74tUGNsxwaJjJRfAJs0MRlqF1RXSWlSEAE61lwIRswZOTAWb30&t=ffffffff940d030f
http://www.roblox.com/WebResource.axd?d=h6JGmI6BQZ1O6dIyg8tR4IHvRle_W93uf4lq1t4EqaDE50xn2BLl08HF7RaibNd42F35_b4LDdnfmA2j9Hxw5dSCfJ81&t=634612342422051850 |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 08:55 AM |
| I didn't kNEW about any of those, but I don't know what we could possibly do with it. |
|
|
| Report Abuse |
|
|
SQLi
|
  |
| Joined: 10 Jul 2011 |
| Total Posts: 1597 |
|
|
| 28 Mar 2012 08:58 AM |
| You used visit.ashx in one exploit. So, they can be very useful. |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 08:58 AM |
| Well, we could _possibly_ link the Roblox source code from /IDE/ClientSetsToolbox.js to C:\Users\herpderp\Desktop\a.js (using cheat engine). But a.js would be a modified version where, while using an already valiant exploit, you could wreck even more massive havoc to a game. |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 01:00 PM |
@mebilly
if they allow that to do whatever it wants through client side scripting, whoever coded it needs to be fired and I would be amused. I should hope that they validate it. |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 01:03 PM |
@trappingnoobs
I tried for a tiny bit (with barely any effort) but I wasn't able to accomplish it... however, if someone know how to use cheat-engine better than me, they could probably do it (the problem with mine was I couldn't get the JavaScript to reload). |
|
|
| Report Abuse |
|
|
|
| 28 Mar 2012 01:05 PM |
| Not worth it, probably. Even a new programmer should realise they need to validate all information passed from javascript |
|
|
| Report Abuse |
|
|