Project X Forums



It is currently Thu Dec 12, 2024 10:45 am

All times are UTC




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Critical issue in ProjectX scripting engine
PostPosted: Sat Mar 30, 2024 6:24 pm 
Offline
Betatester

Joined: Fri Jan 07, 2011 9:28 am
Posts: 4
Hello everyone! Long time ago i was a PX 0.8.0 tester and i founded a critical 0day bug in Entuser's scripting engine (EAX compiler), i wrote him at the moment his was online, he told that he will fix it, but nothing was done. Few weeks before this post i play some games with PX and remembered that issue. I go to the Entuser editors to a check bug presense and it is in his place.. (sorry my bad english). In few words - bug allows to control players PCs who start game with bad PX script, owner of script(host) can do anything that WA system process can . Now im working on exploit that will demonstrate the power of this bug. I plan to fix compiler and some inner PX problems that allow such bugs. I will upload fix for wkPX.dll here, then i will upload code of exploit next week after this patch.


Top
 Profile  
Reply with quote  
 Post subject: Re: Critical issue in ProjectX scripting engine
PostPosted: Mon Apr 01, 2024 10:44 pm 
Offline

Joined: Thu May 29, 2014 12:55 am
Posts: 13
Hello DUP, thanks for pointing this issue, not many players are active nowadays, we are maybe 20-30 people at max, and no one has ill intents towards each other. But please let us know about your work, looking forward to getting PX even better.


Top
 Profile  
Reply with quote  
 Post subject: Re: Critical issue in ProjectX scripting engine
PostPosted: Tue Apr 30, 2024 5:28 pm 
Offline
Betatester

Joined: Fri Jan 07, 2011 9:28 am
Posts: 4
Exploit is ready, i thought make it more powerfull - download some stuff from internet, launch it (it will do some things like copy some valuable files from your computer to zip archive on your desktop, to demonstrate a level of danger of this issue), but i rejected this, because i will publish these sources and i dont want someone will use this "with a light hand" (ready to use and working thing for bad things).

Exploit change your desktop wallpaper to black screen, i think this is enought for demonstration.

I begin work on patch for PX. I don't think it will be included in official bundle (but i hope), I will make it as an extension of wkPX module for now (wormkit module file that will fix problems in PX).

After that work done i will publush exploit code and details about it.

(Busy at work, may delay with the release :)

stay tuned ;)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Skin by Lucas Kane