Exploiter Can Bypasses glitch Buy Donation Someone

ZuzrTkl · March 4, 2025, 12:39am

It Someone used alt and someone can BuyGp:fireserver(“99999999”) why i how do patched stop trying glitch donations
Client Script:

local A = game:GetService("MarketplaceService")
local B = game:GetService("Players")
local C = B.LocalPlayer

local function D(E)
	local F = E:GetAttribute("AssetId")
	local G = E:GetAttribute("AssetType")

	if not F then return end

	if G == "Gamepass" then
		game.ReplicatedStorage.Players.SendMySelf:FireServer("Progress purchasing,")
		
		local Assets = {
			Price = game:GetService("MarketplaceService"):GetProductInfo(F, Enum.InfoType.GamePass).PriceInRobux
			,
			AssetID = F
			,
			assetType = G
			,
		} 
		game.ReplicatedStorage.Handle.Products:FireServer(game:GetService("MarketplaceService"):GetProductInfo(F, Enum.InfoType.GamePass).PriceInRobux)
		

		A:PromptGamePassPurchase(C, F)
	elseif G == "UGC" then
		local Assets = {
			Price = game:GetService("MarketplaceService"):GetProductInfo(F, Enum.InfoType.Asset).PriceInRobux
			,
			AssetID = F
			,
			assetType = G
			,
		} 
		game.ReplicatedStorage.Handle.Products:FireServer(game:GetService("MarketplaceService"):GetProductInfo(F, Enum.InfoType.Asset).PriceInRobux)
		game.ReplicatedStorage.Players.SendMySelf:FireServer("Progress purchasing,")
		A:PromptPurchase(C, F)
	end
end

local function H(I)
	if I:IsA("TextButton") and I:GetAttribute("AssetId") and I:GetAttribute("AssetType") then
		I.MouseButton1Click:Connect(function()
			D(I)
		end)
	end
end

for _, J in ipairs(workspace:GetDescendants()) do
	H(J)
end

workspace.DescendantAdded:Connect(H)

Thank for reading it Will Solve?

SeargentAUS · March 4, 2025, 12:55am

Please use proper variable names. It makes it very hard to assist you. (If it’s to prevent exploiters, don’t bother - they don’t see the variable names anyway (nor comments))

You should not trust the client to tell you that they made the purchase. You should instead use the events/callbacks provided in MarketPlaceService to tell when someone has made a purchase, and only then process the donation.

ZuzrTkl · March 4, 2025, 12:58am

Someone can exploit a fire server, then purchase and make it work. What is this fire server? They use values from 1 to 9,999,999, but it’s patched. However, someone exploiting it can use values from 99,999,999 to 99,999,999, and it still works.

SeargentAUS · March 4, 2025, 1:00am

Why are you trusting the client for the amount? You should either have a dictionary of product IDs which map to the amount, or you should use GetProductInfo to dynamically determine the amount

ZuzrTkl · March 4, 2025, 1:03am

Here, someone without an exploiter is trying from 1 to 999,999. I patched it, but some exploiters can still purchase. How is that possible?

External Media

ZuzrTkl · March 4, 2025, 1:04am

i do GetProducts Fireserver turn script check PriceInRobux?

SeargentAUS · March 4, 2025, 1:09am

So you’re saying that the exploiters are changing the product price immediately after the purchase?

ZuzrTkl · March 4, 2025, 1:14am

Of course, someone tries: :fireserver("99999999"), then the first fire is done, followed by clicking the button which shows the price as 1. After that, it spams the fire, and the item is purchased. Finally, the gamepass price is changed to 99999999 going worked it pop.

SeargentAUS · March 4, 2025, 1:18am

If you use the callback I mentioned earlier, it provides the price that something was bought for. If can’t be messed up by someone changing the price. You should not be relying on the client at all to tell you the final buy price. They should really only be telling you the ID that they want to purchase (not even the price)

system · March 18, 2025, 1:19am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.