Recently, a forcechat script has been exploited to get players terminated from the platform. Attackers lure victims into their game, tricking them into staying on a loading screen. Meanwhile, a forcechat script that bypasses chat filters is being spammed behind the scenes without the player’s knowledge. The attackers then enter the game and mass report the victims, resulting in their termination from the platform.
Correct, but Crosswoods had an entire XSS injection system (now patched) where they snatched victims’ personal info and had an automatic system that just reported them and got them terminated.
Previously Roblox had an XSS vulnerability which let those users run scripts on the Roblox website, which meant they could additionally steal a user’s cookie (login token) + IP, but that has since been patched. The force chat part of this issue was never patched, or at least was very hurriedly patched out, meaning it was easy to bypass.
I can replicate this, it has not been solved - the Roblox post was an acknowledgement.
In addition, it was very easy to replicate. An example is online and there are other ways to do this.
You’re supposed to be able to make players say messages - this is intended behavior. The unintended behavior is a certain method of doing this that sends the developer-induced text through the filter on behalf of the user they send it from.
UPDATE: This still is working as of right now, there isn’t a fix and there are still innocent players getting terminated from the platform due to this.