
Exploit using "SetVehicleExclusiveDriver_2"

Open chozr7 opened this issue 1 year ago • 8 comments

What happened?

There are cheaters currently executing the code below

local vehicles = GetGamePool('CVehicle')

for i = 1, #vehicles do
    SetVehicleExclusiveDriver_2(vehicles[i], PlayerPedId(), 1)
end

and this is making it where if they are in a car near them it kicks them out, and if they are trying to get in they are NOT able to get back into the driver seat.

Expected result

Work the same but should own the vehicle before setting it.

Reproduction steps

  1. Load up into any server
  2. Go to an area populated with vehicles
  3. Run the provided snippet above
  4. You will be able to see no one able to get into driver seat

Importancy

Slight inconvenience

Area(s)

FiveM, OneSync, Natives, ScRT: Lua

Specific version(s)

FiveM Artifacts 8151, Server Game Build 2802, windows

Additional information

No response

chozr7 avatar May 21 '24 02:05 chozr7

I don't see how this is an issue with FiveM? Am I missing something?

ook3D avatar May 21 '24 02:05 ook3D

> I don't see how this is an issue with FiveM? Am I missing something?

You're saying that people should be able to exploit a native?

chozr7 avatar May 21 '24 02:05 chozr7

> > I don't see how this is an issue with FiveM? Am I missing something?
>
> You're saying that people should be able to exploit a native?

I'm saying just because your server is written poorly, doesn't mean the native itself is fundamentally flawed.

ook3D avatar May 21 '24 03:05 ook3D

> > > I don't see how this is an issue with FiveM? Am I missing something?
> >
> > You're saying that people should be able to exploit a native?
>
> I'm saying just because your server is written poorly, doesn't mean the native itself is fundamentally flawed.

How is this because a server is poorly written?

AvarianKnight avatar May 21 '24 03:05 AvarianKnight

> > > I don't see how this is an issue with FiveM? Am I missing something?
> >
> > You're saying that people should be able to exploit a native?
>
> I'm saying just because your server is written poorly, doesn't mean the native itself is fundamentally flawed.

You're clearly not smart, go ahead and read it works in any server.

chozr7 avatar May 21 '24 03:05 chozr7

Also not sure how this COULD HAVE ANYTHING to do with how a server is written.

chozr7 avatar May 21 '24 03:05 chozr7

Doesn't the sv_filterRequestControl prevent this from happening?

V3SC avatar May 21 '24 15:05 V3SC

> Doesn't the sv_filterRequestControl prevent this from happening?

Invoking this native on a remotely owned entity ignores all ownership and currently implemented filter checks.

The game event in question is SCRIPT_ENTITY_STATE_CHANGE_EVENT with type SET_EXCLUSIVE_DRIVER.

Parsing this event and exposing its handler to ScRTs or adding some filter checks could be a proper fix here.

tens0rfl0w avatar May 21 '24 15:05 tens0rfl0w
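
The filter check suggested in the last comment, sketched as an added example that is not part of the original thread and is not FiveM source code: a server-side gate that applies a SET_EXCLUSIVE_DRIVER state change only when the sender owns the target entity, and counts rejections per sender. All type and function names (`OwnershipFilter`, `StateChangeEvent`, `replaySample`) and the sample ids are assumptions made for the illustration.

```cpp
// Stand-alone model of an ownership check; not FiveM source code.
// Every type and function name below is hypothetical.
#include <cstdint>
#include <cstdio>
#include <unordered_map>
#include <vector>
enum class ChangeType { SetExclusiveDriver, Other };
struct StateChangeEvent {
    uint32_t sender;   // client that sent the event
    uint32_t entity;   // network id of the targeted vehicle
    ChangeType type;
};
class OwnershipFilter {
public:
    void setOwner(uint32_t entity, uint32_t client) { owners_[entity] = client; }
    // True if the event may be applied and relayed to other clients.
    bool allow(const StateChangeEvent& ev) {
        if (ev.type != ChangeType::SetExclusiveDriver) return true;  // not modelled here
        auto it = owners_.find(ev.entity);
        // Fail closed: an unknown entity or a non-owner sender is rejected.
        bool owned = it != owners_.end() && it->second == ev.sender;
        if (!owned) ++rejected_[ev.sender];
        return owned;
    }
    // Rejections per sender; a burst across many vehicles is worth logging.
    uint32_t rejectedCount(uint32_t client) const {
        auto it = rejected_.find(client);
        return it == rejected_.end() ? 0 : it->second;
    }
private:
    std::unordered_map<uint32_t, uint32_t> owners_, rejected_;
};

// Constructed sample: client 7 owns vehicle 100, client 8 owns 101 and 102,
// vehicle 103 has no recorded owner. Client 7 targets all four.
int replaySample(OwnershipFilter& f) {
    f.setOwner(100, 7); f.setOwner(101, 8); f.setOwner(102, 8);
    int allowed = 0;
    for (uint32_t v : std::vector<uint32_t>{100, 101, 102, 103})
        allowed += f.allow({7, v, ChangeType::SetExclusiveDriver}) ? 1 : 0;
    return allowed;
}

int main() {
    OwnershipFilter f;
    int allowed = replaySample(f);
    std::printf("allowed=%d rejected(7)=%u\n", allowed, f.rejectedCount(7));
}
```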