Report menu has vulnerability that allows accounts to be banned instantly

Do you have ‘reports’ of it happening to groups?
Or have you only seen it for users?

right now i’ve only seen users but its safe to assume it could happen for groups until roblox patches it

3 Likes

Solara got patched? Nice.
charrrrrs

I am pretty sure that game:GetService() “bypasses” any custom name you give it which means that exploiters can still do local Debris = game:GetService("Debris")

Edit: nevermind

^^^^^^^^^^^^^^^^^^^^^^^^^^^^
look up

Oh, I didn’t realize that it had to be game.Debris

Sorry for the confusion. Solara (the exploit that my code defended against) got patched, making my code genuinely useless.

2 Likes

Would think the report system would take a screenshot or whatever from the server side, not the client, but I guess in Roblox eye, the client is always innocent. :roll_eyes:

1 Like

There are some powerful exploits that can add something in server sided (there is a case that a baseplate got exploited)
If it’s not that case, games that have no backdoor and are really safe can’t get exploited

No such exploit exists, unless there is a vulnerability with a game’s RemoteEvents. And in such a case, that would be the developer’s fault.

3 Likes

I’m giving an example through any game that is public on your profile, such as places automatically opened by Roblox like “TinyFriztche’s Place”, and even through scripts used via cheating programs.
So, even if the content of the game is empty or just only baseplate, this cheat can still work.

This method results in immediate bans from Roblox, two of my friends got banned for this reason, but we later resolved the issue by opening a ticket.

Example Image

image

edit; this post reply for the LuciferGaming wrong reply*

1 Like

Hey, has this been resolved yet? Keeping my games private for so long is pretty frustrating.

1 Like

I tried reproducing the issue a few days ago and it had been patched - should be all good to open your games now. Hopefully an engineer can provide a more official update soon.

Guys, don’t rely on support. The support agents really don’t care that this is a big problem.

I don’t think they can fix this vulnerability, they can just disable the capture scene feature and everything’s good

The “Capture Scene” takes a screenshot of the Player’s Client. It is impossible to tell if it’s the game that displays inappropriate things, or an exploiter.

It did?


I agree with that we should remove report screenshot for game reporting
Or maybe, for game report, it should take the screenshot of what server sided see so things that was added client sided can’t be seen in the screenshot

If that’s what the issue it, and since the code is published to Roblox, they can automatically go through the code to see if any string matches what’s displayed on the screen. I know there are ways around this, but Roblox needs to take a more balanced approached when dealing with developers who are targeted by this.

Any informations about this issue, it has been 4 days that my game is private now.

the most we have is the team acknowledging the bug, nothing else (to my information)