Project X Forums :: View topic - Critical issue in ProjectX scripting engine

Project X Forums http://px.worms2d.info/forum/

Critical issue in ProjectX scripting engine http://px.worms2d.info/forum/viewtopic.php?f=15&t=2158	Page 1 of 1

Author:	DUP [ Sat Mar 30, 2024 6:24 pm ]
Post subject:	Critical issue in ProjectX scripting engine
Hello everyone! Long time ago i was a PX 0.8.0 tester and i founded a critical 0day bug in Entuser's scripting engine (EAX compiler), i wrote him at the moment his was online, he told that he will fix it, but nothing was done. Few weeks before this post i play some games with PX and remembered that issue. I go to the Entuser editors to a check bug presense and it is in his place.. (sorry my bad english). In few words - bug allows to control players PCs who start game with bad PX script, owner of script(host) can do anything that WA system process can . Now im working on exploit that will demonstrate the power of this bug. I plan to fix compiler and some inner PX problems that allow such bugs. I will upload fix for wkPX.dll here, then i will upload code of exploit next week after this patch.

Author:	x0rang3x [ Mon Apr 01, 2024 10:44 pm ]
Post subject:	Re: Critical issue in ProjectX scripting engine
Hello DUP, thanks for pointing this issue, not many players are active nowadays, we are maybe 20-30 people at max, and no one has ill intents towards each other. But please let us know about your work, looking forward to getting PX even better.

Author:	DUP [ Tue Apr 30, 2024 5:28 pm ]
Post subject:	Re: Critical issue in ProjectX scripting engine
Exploit is ready, i thought make it more powerfull - download some stuff from internet, launch it (it will do some things like copy some valuable files from your computer to zip archive on your desktop, to demonstrate a level of danger of this issue), but i rejected this, because i will publish these sources and i dont want someone will use this "with a light hand" (ready to use and working thing for bad things). Exploit change your desktop wallpaper to black screen, i think this is enought for demonstration. I begin work on patch for PX. I don't think it will be included in official bundle (but i hope), I will make it as an extension of wkPX module for now (wormkit module file that will fix problems in PX). After that work done i will publush exploit code and details about it. (Busy at work, may delay with the release stay tuned

Page 1 of 1	All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/