Report menu has vulnerability that allows accounts to be banned instantly

apenzijncoolenleuk1 · May 14, 2024, 9:35pm

Do you have ‘reports’ of it happening to groups?
Or have you only seen it for users?

Awesomepad · May 14, 2024, 9:36pm

right now i’ve only seen users but its safe to assume it could happen for groups until roblox patches it

gameCoder1210 · May 15, 2024, 1:53am

Solara got patched? Nice.
charrrrrs

PolyLacticSugarcane · May 15, 2024, 1:54am

I am pretty sure that game:GetService() “bypasses” any custom name you give it which means that exploiters can still do local Debris = game:GetService("Debris")

Edit: nevermind

gameCoder1210 · May 15, 2024, 1:54am

^^^^^^^^^^^^^^^^^^^^^^^^^^^^
look up

PolyLacticSugarcane · May 15, 2024, 1:56am

Oh, I didn’t realize that it had to be game.Debris

gameCoder1210 · May 15, 2024, 1:57am

Sorry for the confusion. Solara (the exploit that my code defended against) got patched, making my code genuinely useless.

SaintofHavoK · May 15, 2024, 5:00am

Would think the report system would take a screenshot or whatever from the server side, not the client, but I guess in Roblox eye, the client is always innocent.

LuciferGamingFR · May 15, 2024, 7:07am

There are some powerful exploits that can add something in server sided (there is a case that a baseplate got exploited)
If it’s not that case, games that have no backdoor and are really safe can’t get exploited

Timelens · May 15, 2024, 8:57am

No such exploit exists, unless there is a vulnerability with a game’s RemoteEvents. And in such a case, that would be the developer’s fault.

TinyFriztche · May 15, 2024, 3:05pm

I’m giving an example through any game that is public on your profile, such as places automatically opened by Roblox like “TinyFriztche’s Place”, and even through scripts used via cheating programs.
So, even if the content of the game is empty or just only baseplate, this cheat can still work.

This method results in immediate bans from Roblox, two of my friends got banned for this reason, but we later resolved the issue by opening a ticket.

Example Image

edit; this post reply for the LuciferGaming wrong reply*

DarkDevXY · May 16, 2024, 5:48am

Hey, has this been resolved yet? Keeping my games private for so long is pretty frustrating.

bvetterdays · May 16, 2024, 6:44am

I tried reproducing the issue a few days ago and it had been patched - should be all good to open your games now. Hopefully an engineer can provide a more official update soon.

pozzzy333 · May 16, 2024, 9:51am

Guys, don’t rely on support. The support agents really don’t care that this is a big problem.

Gonistical · May 16, 2024, 10:50am

I don’t think they can fix this vulnerability, they can just disable the capture scene feature and everything’s good

The “Capture Scene” takes a screenshot of the Player’s Client. It is impossible to tell if it’s the game that displays inappropriate things, or an exploiter.

Gonistical · May 16, 2024, 10:50am

It did?

LuciferGamingFR · May 16, 2024, 2:39pm

I agree with that we should remove report screenshot for game reporting
Or maybe, for game report, it should take the screenshot of what server sided see so things that was added client sided can’t be seen in the screenshot

Maelstorm_1973 · May 16, 2024, 3:16pm

If that’s what the issue it, and since the code is published to Roblox, they can automatically go through the code to see if any string matches what’s displayed on the screen. I know there are ways around this, but Roblox needs to take a more balanced approached when dealing with developers who are targeted by this.

Neplioz · May 17, 2024, 7:17pm

Any informations about this issue, it has been 4 days that my game is private now.

Awesomepad · May 17, 2024, 7:18pm

the most we have is the team acknowledging the bug, nothing else (to my information)