unsecured console commands

Closed 1.7.6

molokatan

Posted

Like the chat commands in the plugin, the following console commands are also not secured.

givecard <Steamid>    // gives player a Normal Wave Card
givehardcard <Steamid>    // gives player a Hard Wave Card
giveextremecard <Steamid>    // gives player a Extreme wave card

Because your argument was "no one would know" when I wrote to you about the chat commands, I want to point out that those commands are openly promoted on the plugin's page.

Also here, everyone can execute them and give themselves the cards. No admin or mod level needed.

 

And before you come again with "someone digging through my code to force me doing something"..

I am a server owner that cares about what is running and how it works.

Commands that are meant to be used by admins or only by plugin-logic should not be executable by default players.
This can brick the whole economy or balance of the game. It opens up unnecessary doors for cheaters and bug users.

This is the basics for plugins.

 

Also worth noting:

All these gaps could be closed with 1 LOC each.

But since your licence does not allow me to modify it, I request that you close these gaps.
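The missing check described in the post above, sketched as an added example that is not part of the original post or the plugin's code. `Caller`, `CommandRegistry`, `make_give` and `build_registry` are hypothetical names, the game's real plugin API is not shown on this page, and only the three command names come from the post.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Caller:
    steam_id: str
    is_admin: bool = False

Handler = Callable[[List[str]], str]
inventory: Dict[str, List[str]] = {}  # constructed stand-in for player card storage

class CommandRegistry:
    def __init__(self) -> None:
        self._commands: Dict[str, Tuple[Handler, bool]] = {}

    def register(self, name: str, handler: Handler, admin_only: bool = True) -> None:
        # Deny by default: a command is admin-only unless explicitly opened up.
        self._commands[name] = (handler, admin_only)

    def unguarded(self) -> List[str]:
        # Audit helper for server owners: commands any connected player may run.
        return sorted(n for n, (_, guarded) in self._commands.items() if not guarded)

    def run(self, caller: Optional[Caller], name: str, args: List[str]) -> str:
        if name not in self._commands:
            return "unknown command"
        handler, admin_only = self._commands[name]
        # The gate itself. caller=None models the server console or plugin logic.
        if admin_only and caller is not None and not caller.is_admin:
            return "permission denied"
        return handler(args)

def make_give(card: str) -> Handler:
    def give(args: List[str]) -> str:
        if len(args) != 1 or not args[0].isdigit():
            return "usage: <Steamid>"
        inventory.setdefault(args[0], []).append(card)
        return f"gave {card} card to {args[0]}"
    return give

def build_registry(guarded: bool) -> CommandRegistry:
    # Command names are the three from the post; the card labels are shorthand.
    reg = CommandRegistry()
    for name, card in (("givecard", "normal"), ("givehardcard", "hard"),
                       ("giveextremecard", "extreme")):
        reg.register(name, make_give(card), admin_only=guarded)
    return reg
```

`build_registry(guarded=False).unguarded()` lists all three commands, which is the state the post reports; with `guarded=True` the list is empty and a non-admin caller gets "permission denied" while the console and admins still work.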

NooBlet

Posted (edited)

So, seeing that in our last communication you did not like my answers and then went ahead and reported the file because you got mad, here is my answer to you. This will be the last communication. You will not be able to send me messages, and this is also the last product you will be able to buy from me. I bid you a good evening.

Edited by NooBlet
NooBlet

Posted

Changed Status from Pending to Closed

molokatan

Posted

I simply reported the issue to you privately, so you can close these security gaps. Nothing more!

You have been the one that was escalating:

[Attached image: image.png]


Hope you do not treat all your customers like that.

However, if you thought that I ever again wanted to buy a plugin from you, I can tell you that this was off the board already 1 week ago.

I have been a dev for 25+ years now and it's a shame that you call yourself one. A "dev" that is not taking care of security issues is just not worth a penny.

Especially when they are closed with no effort.