Goonstation Forums
A PSA regarding trusting the client, courtesy of SpyGuy - Printable Version

+- Goonstation Forums (https://forum.ss13.co)
+-- Forum: Discussion (https://forum.ss13.co/forumdisplay.php?fid=6)
+--- Forum: Patches (https://forum.ss13.co/forumdisplay.php?fid=30)
+--- Thread: A PSA regarding trusting the client, courtesy of SpyGuy (/showthread.php?tid=11192)



A PSA regarding trusting the client, courtesy of SpyGuy - Noah Buttes - 10-16-2018

Please remember to be very careful when using Topic() and when dealing with hrefs, otherwise this could happen:




RE: A PSA regarding trusting the client, courtesy of SpyGuy - sankto - 10-16-2018

Oh, my god. Nice/terrifying find.


RE: A PSA regarding trusting the client, courtesy of SpyGuy - Lady Birb - 10-16-2018

oh god oh fuck oh why


RE: A PSA regarding trusting the client, courtesy of SpyGuy - NateTheSquid - 10-16-2018

I'm 100% sure this is supposed to be a youtube video but because youtube is experiencing outages in my location right now this is still pretty funny

500 Internal Server Error
Sorry, something went wrong.

A team of highly trained monkeys has been dispatched to deal with this situation.

If you see them, send them this information as text (screenshots frighten them):
   APkpgMUO9rRaBR1CIOE6gS6Kj-Pvk5A0TmqtjCH8gYcihgXKHCkVATgM
   XDTM0GGNQqgVkPVpLH-MdXIYw-jhhLsE0CyRWHJmOpiO8BApDM_xmSwC
   NyIgECJ3r1djO5rbPu9ll_fb7_9OfJqmBZSCck3JIhpMA5vatH--uVVP
   St3nHJZQR9-i60wrd9x9QGpR-eHhq8V-YDmG-RWODDcgbR07RpE9J2k5
   3B2g2lT_I36HcX4LtuXAGTRckzWz2pkGxiWGzBF2rwBUAJOXtLxsyEX1
   Qm99_SP0hmXthbDVigwAdGjPtgDKjlM3Fcp9WiCLOXnZzHrXB1q8M7gy
   bZ22Afg9Y6AoG2TZrLQaoQWU3EldC-wHNb8lB3Yn7KeMbZJVd0yjUzDo
   OjSi3hbJm7XVu9Ar75TaPh8l5cAgMnkIwiXu0JpTtVhZg_wMJ42mI59-
   ioLTs3WXpsYE9hBdTdK0Q_9lwmkUQevCPwjbmcyE-fu2MSdn3FPwDqFx
   8bmu_0w5IiJLYR17D5AgkuQu9_n6fcQf6Kf1luin70B2PGU0zwEL8A_w
   A9CX0iLh2gjG3aKxTGAh392hJZsrblW_uA7mZIHQj1nJAVXJeRv7Fx45
   XhuBznIB0ZUDl1xwtIPI3SyPqrFjU60ATcvBiKLpOiS0Al22FHL5fBFe
   oZC5Q3ZLAM5pgJFgHb0DlUxD2fT14KOdFmv6XLdzM4QHhC-qvDntnCAg
   ay-Ov5mjyLFkQcDexeg-fSnn65b8Roa-Q84D2JvXwyg4YF_u-1z4SUAU
   aZwOgd4xfV8BLIaqdUkED9kr78iE6QQS1KKYHhOTPgNCKLA6YV0SbhwE
   7cHNAjIhQSDh2usnoQLxrPipFZZRtczYdKTYUFoPuQZjcN56a6h1wC8d
   q0Ixx2octfEmukyzH8Qm917S0NKxapcIBDOThzuVCO6Lu-MUNZv2CqRW
   da3zg2TtO2wbZXN_OXpLAHN_ywHldna_uzi6flXnUpEHxqvWrKs6JKhU
   yAGsbgCh5qdQMvxRgxtP5gx6qYFvNhTfNjSKekodPO-FjQ_8Awc27x9G
   ITc2JICtzzWk23DZyYPEW3VWQCjLGb77Fmziq1Og222QRFRg7yYmzx-q
   ZrZwn0ljHw4QX4hFcORV-exc8bFBQ_PXRHXIg-FzIJ0zdWGG3OTwRFlR
   X0KL9CaXnCvhCx5Ienk4_F52F1xKZoMpxfpeYK9uJfbR5yJfZHC9iwHQ
   X2oL2h7KUrri99Aq7vKKyMDLVgXKOYQi8oGbsgE1ETnc02b3XH6TlXlZ
   5PSBvCFfst7ryQquQKKYo9lhvXCrirl683O0Np1kH6r-RmKJ7vzSZ6o6
   Po8W0_a2vzxOX_EEbUFknBVeN31FdEF2YH6lfM-Twx4bSAVceOQivIYi
   KcBb9AU_MNUI58taYSaHpSnAhgVzG_oMe6qiOlLRg78wG4f-EEarFA10
   TaKbLg0_gUpBf4SpVl2Tc2KzUnFX-KDDpXWYfUjJWAttkAhg4ZDEwHno
   G-15dZYvGCc79SFaJZmNJk7xokXobzMNo0wlg13yOpB_ps_X_zxfmceL
   MDI5NEaSiQlRTNBaW_xsljGvHJPOPdvH4UsVvUd2nop9NvZaHKgDsBiL
   xlz8AQYo0DDut0AaXyTu-KAb9Fb-OW-oV2aFUJwbmb8Mg96xg1G9Nmlh
   R2jbmcQoyefrFXkgn8natpMreg2C6D0Ncz5McuZqA9hPbHF6DnkRwMPp
   hAfxE3yrNxCf034BfbAyX0NQchVO3Wi__SiWAoQK7G2Pi4eQRR-uTnQV
   qCY6YA_SgCUIxF_zGmJeDhAZf-wQ66ApkM50li54bLpLQJ4v4DoORCXF
   T6hqgkbaCiqiSFklxf4nCvhjJBjZx5lKi4buO95uP8jPrAR4Kw6t0nOl
   t13Tf9ya8UKxdtgoU0ISHVyj2wSWasujcOPYDkBhTYTGbk1bWSvzBv60
   mvf0FOQH9a_3BkIODYkHMlnR8Xhg6__TD0R-LZjXu3mC9Zf9vmeIcUd3
   21Qn6wTG8xtw7ibYsJZbMkgVwS8GWPrdz47fSpW35Ie26qYDCSFRsnUS
   wZLzNkPTB02L95fCcH101D8drtLd8Kk0nERrYQshvEd3WWlaBgb5Hk6n
   n2JS9p8c-Xksa53b76gJfusVnrwz39lQpTMvmuPpAUPoCFArzJudCHe9
   IK4Z2jExwi99GlLaOnrli4NOvhvrV75iKI94JyxLggJ597Kipq22-M1g
   ea74N7KbWg1IaAonSD_NwQt-wEyF24LsCPAQi2thHHOxa32E_IG1XBwl
   H_VnlMc0JqnviUr2J1WcwO431vdBdkZX-bAdlFYQgIZzlu2JvKV6yW7H
   EHwNQN07sw-hHBmKoTulHssqZv9elIepzV_agLTP0l6B6FVSHRfTWz_C
   oWsGKtUQEjcjDx1V-XlsHz9iG24QwHUo4wCjcWpfpz7YOSVZpFIsoQgP
   pzNcsNTl3t-rbwSwqfOlAFdfL_waZ4ID5h8q41c



RE: A PSA regarding trusting the client, courtesy of SpyGuy - sankto - 10-16-2018

(10-16-2018, 06:16 PM)NateTheSquid Wrote: I'm 100% sure this is supposed to be a youtube video but because youtube is experiencing outages in my location right now this is still pretty funny
It's worldwide (the youtube outage).
The video show someone exploiting a machine ingame to run an unexpected link through an href tag, and end up with 10u of initropidril.


RE: A PSA regarding trusting the client, courtesy of SpyGuy - Xaviens - 10-20-2018

This really should have been uploaded in the exploits section so that everyone and their mother doesn't see it and use it.


RE: A PSA regarding trusting the client, courtesy of SpyGuy - Technature - 10-20-2018

(10-20-2018, 02:43 AM)Xaviens Wrote: This really should have been uploaded in the exploits section so that everyone and their mother doesn't see it and use it.



RE: A PSA regarding trusting the client, courtesy of SpyGuy - ZeWaka - 10-20-2018

(10-20-2018, 02:43 AM)Xaviens Wrote: This really should have been uploaded in the exploits section so that everyone and their mother doesn't see it and use it.

feel free to use it lol


RE: A PSA regarding trusting the client, courtesy of SpyGuy - Noah Buttes - 10-20-2018

(10-20-2018, 12:39 PM)ZeWaka Wrote:
(10-20-2018, 02:43 AM)Xaviens Wrote: This really should have been uploaded in the exploits section so that everyone and their mother doesn't see it and use it.

feel free to use it lol



RE: A PSA regarding trusting the client, courtesy of SpyGuy - Berrik - 10-20-2018

Chem creation/use is logged so anyone who does this will prob get found out immediately, I think.


RE: A PSA regarding trusting the client, courtesy of SpyGuy - Noah Buttes - 10-20-2018

(10-20-2018, 02:58 PM)Berrik Wrote: Chem creation/use is logged so anyone who does this will prob get found out immediately, I think.

It's also been patched entirely.

There's no way in hell I'd post this if Spyguy hadn't done a thorough sweep through the code for anything similar.


RE: A PSA regarding trusting the client, courtesy of SpyGuy - ZeWaka - 10-21-2018

(10-20-2018, 06:47 PM)Noah Buttes Wrote:
(10-20-2018, 02:58 PM)Berrik Wrote: Chem creation/use is logged so anyone who does this will prob get found out immediately, I think.

It's also been patched entirely.

There's no way in hell I'd post this if Spyguy hadn't done a thorough sweep through the code for anything similar.

also Spy literally posted the video himself

this was filmed quite a while ago