Hey! Recently I found a critical issue that allows users to change the perspective of how a script runs. If they enter a specific code into the internal code of my product, it spoofs Roblox’s security, which allows them to change what game.OwnerId returns. So is there a way to get the Owner ID from a POST request so there is no way of bypassing it?
1 Like
The games API allows you to send a GET request, which provides information including the Creator ID:
Note however that you will need to use a proxy, as Roblox doesn’t allow direct calls to their APIs.
Why does your code allow for OwnerId to be spoofed? Is the script a local script, server script, or plugin script? Chances are there is a better way to achieve what you want.
1 Like
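The server-side check suggested in the answer above, as an added example that is not part of the original thread: the product's backend reads the creator from the games API response and compares it with its own license records, failing closed on anything unexpected. Assumptions: the response shape (a `data` list whose entries carry `id` and a `creator` object with `id` and `type`), the hypothetical `LICENSED_CREATORS` set, and that the body was already fetched through the proxy.

```python
import json

# Constructed sample of a games API response body (assumed shape).
SAMPLE_RESPONSE = json.dumps({
    "data": [{
        "id": 1111111,
        "rootPlaceId": 2222222,
        "creator": {"id": 3333333, "name": "ExampleOwner", "type": "User"},
    }]
})

# Hypothetical license records kept by the product's backend,
# stored as (creator type, creator id) pairs.
LICENSED_CREATORS = {("User", 3333333), ("Group", 4444444)}


def creator_from_response(body, universe_id):
    """Return (type, id) of the creator of universe_id, or None if absent or malformed."""
    try:
        entries = json.loads(body).get("data", [])
    except (ValueError, TypeError, AttributeError):
        return None  # not JSON, or not a JSON object
    if not isinstance(entries, list):
        return None
    for entry in entries:
        # Only trust the entry for the universe that was asked about.
        if not isinstance(entry, dict) or entry.get("id") != universe_id:
            continue
        creator = entry.get("creator")
        if not isinstance(creator, dict):
            return None
        cid, ctype = creator.get("id"), creator.get("type")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(cid, int) and not isinstance(cid, bool) and ctype in ("User", "Group"):
            return (ctype, cid)
        return None
    return None


def is_licensed(body, universe_id, licensed=LICENSED_CREATORS):
    """Fail closed: any lookup or parse problem means 'not licensed'."""
    creator = creator_from_response(body, universe_id)
    return creator is not None and creator in licensed
```

The universe ID passed to the lookup still comes from the plugin, so this check moves trust from the owner value the plugin reports to the game it reports.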
Thanks!
It's a plugin script. Somehow there is a glitch that has been around for 2 years now, and it can make a script think that the owner of the game is another person.