stop reading my mind :u
also why is the download broken
webserver crashed, try now
Here's a helpful hint for finding exploits.
Eval is used in BVSS. All arguments are rejected if they contain semicolons. The format of the commands entered is:
eval("%istrue = " @ %brick @ "." @ %cond @ ";");
function BVSS_getVar(%brick,%var)
{
    if(!isObject(%brick))
        return 0;
    %that = 0;
    eval("%that = " @ %brick @ "." @ %var @ ";");
    return %that;
}
if(isObject($lastloadedbrick))
{
    if(getField(%line,2) !$= "" && getField(%line,2) !$= " ")
        eval($lastloadedbrick @ "." @ getField(%line,1) @ " = " @ getField(%line,2) @ ";");
}
and
$brickgroup = -1;
eval("$brickgroup = BrickGroup_" @ %owner @ ";");
These are all server (server-server, not client-server) sided though, so you'd have to have script access anyway to use them.
The only client-server sided instance of possible code execution is with this:
function BLRS_AuthCommand(%sender,%command,%arg1,%arg2,%arg3)
{
    if(isFunction("blrscmd" @ %command))
    {
        call("blrscmd" @ %command,%sender,%arg1,%arg2,%arg3);
    }
    //old bad way of doing it
    //eval("blrscmd" @ %command @ "(" @ %sender @ ",\"" @ %arg1 @ "\",\"" @ %arg2 @ "\",\"" @ %arg3 @ "\");");
}
It checks if "BLRSCMD" + %name is a function, then runs it with the arguments.
It is therefore limited to only executing BLRSCMD commands made by the mod itself, which is its intended purpose.
(also, ya gotta be admin to use it anyway)
The only other possible problem is bruteforcing, which I really don't think is going to be a problem, since you'd basically be ddosing the server, which would then be the bigger problem. But since I've been asked to, I may add a time based guess limit.
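The BVSS_getVar and $lastloadedbrick loader snippets quoted above both splice a field name straight into an eval string after only a semicolon check. As an added example (not BVSS or the poster's code), here is the same getter and loader in Python, validating the name against an identifier allowlist and assigning data instead of building code. Tab-separated fields (TorqueScript getField) and the line layout are assumptions.

```python
import re

# A TorqueScript field or variable name is a bare identifier; anything else
# (operators, quotes, spaces, the @ concatenation operator) is rejected,
# which is stricter than only refusing semicolons.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def is_identifier(name: str) -> bool:
    return IDENT_RE.fullmatch(name) is not None

def get_var(brick, var: str):
    """Counterpart of BVSS_getVar: read a field without eval.
    Returns 0 for a missing brick or an invalid/unknown field, as the original does."""
    if brick is None or not is_identifier(var):
        return 0
    return brick.get(var, 0)

def apply_line(brick: dict, line: str) -> bool:
    """Counterpart of the $lastloadedbrick loader. Fields are assumed tab-separated;
    field 1 is the name, field 2 the value. An empty or single-space value is
    skipped like the original. Returns True if a field was set."""
    fields = line.split("\t")
    if len(fields) < 3:
        return False
    name, value = fields[1], fields[2]
    if value == "" or value == " ":
        return False
    if not is_identifier(name):
        return False  # would have been spliced into the eval string unchecked
    brick[name] = value
    return True

# Constructed sample lines (not from a real BVSS save file).
SAMPLE_LINES = [
    "+-VARS\tcolorID\t5",
    "+-VARS\tprintID\t",        # empty value, skipped
    "+-VARS\tcolor ID\t2",      # not an identifier, rejected
]

def load(lines):
    """Apply each line to a fresh brick record and return it."""
    brick = {}
    for line in lines:
        apply_line(brick, line)
    return brick
```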