-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes negative payment in NTpay & Encodes name param sent to admins in fax #71491
Conversation
thank you for the pr in the future can you not tell people how to do these with a fully detailed guide on how to run these exploits every round (people hijack the game by running them every round) |
I didn't expect them to exploit it. I just wanted more people to know how such an exploit could be done. Unlike hrefs very few people know how these things work, and I think it leads to UI developers not expecting these things to even be possible. I apologize. |
About The Pull Request
NTpay wasn't validating negative input serverside, allowing for negative payment to users(Negative - Negative = Positive, so it adds money to the senders account.) Also encodes a parameter that was sent unsanitized to admins.
Why It's Good For The Game
Changelog
馃啈
fix: Fixes a NTPay exploit.
/:cl: