Categories > Exploiting > Roblox >

Wave Vulnerabilities

Darkn

Darkn | Resigned

Posts: 384

Threads: 69

Joined: Oct, 2020

Reputation: 19

Posted

Hey guys, it's been a while since I last used WeAreDevs forums but Roblox exploiting is back..? Despite that though, I had heard that Wave released again, and I had just saw another thread on Reddit mentioning that Wave has the Debug Lib Vulnerabilities found in Synapse back at the end of 2021. Just wanted to ensure people were aware about this as it's kind of concerning the lack of care in user security that they have for a second time in a row..

Vulnerabilities in Wave by u/Objective_Highway424 (Original post if anyone was curious)

Posting this on a throwaway, but I recently purchased Wave, and due to the vulnerabilities previously known in the beta, the first thing I did was look for vulnerabilities. It was very public knowledge back in 2021/2022 about the vulnerabilities that were present in the debug library in Synapse X, which were later patched and a test script for them published. These vulnerabilities can lead to arbitrary code execution, as shown in the reddit thread about them (https://www.reddit.com/r/robloxhackers/comments/rkuga2/most_executors_affected_by_debug_lib_ace/).

Wave is vulnerable to these same vulnerabilities, an oversight I feel should of been corrected prior to release. Wave's claim of 100% UNC also appears to be false, as setscriptable failed, resulting in 99% UNC.

These claims can be validated easily by trying the test script available in the reddit post above (the screenshot is of a slightly modified version doing a warn for each failed test instead of asserts, so they will all be tested)

Image Showing Vulnerabilities (I was planning to use an image, but WRD was breaking for me..)

If anyone was curious, yes Rexi did reply to this.

Rexi's reply:

Stop using old scripts UNC exists for a reason, and also theres UNC but for vulns
loadstring(game:HttpGet("https://raw.githubusercontent.com/fissurectomy/test/main/executor_vuln_test.lua"))()

other than that its not really a vuln but ill check it out.

OP's reply to Rexi:

Just because there is a vulnerability test script (which I did try, and Wave did pass that), does not mean it contains every vulnerability possible. Your blatant denial of this, despite the same lack of checks in the debug library leading to people using synapse being infected with malware before is concerning, and shows that your priorities clearly do not include user security.

Image of Reply (Same thing happened again.. Can't use an image cause WRD was being broken..)

@notdarkn | Coco Z Manager | Resigned Fluxus Support
Executors I currently use: Synapse X | Script-Ware M | Sentinel V3 (Soon)

Cyros

Pushing the Bytes

Posts: 544

Threads: 26

Joined: Feb, 2021

Reputation: 17

Replied

This is just poor behaviour from Rexi himself imo. Not to be a d*ck or anything but really???
You're gonna say "other than that its not really a vuln but ill check it out.", you say a vuln isn't really a vuln?
Yeah don't patch the exploit Rexi, keep the ACE vuln 🤣🤣

Regardless; I've "heard" that Rexi still skids but I don't know how true that is.

Anyways, Hello darkn! Welcome back to your first 2024 thread i think!!!!!!!
How are you? could I add you on discord?

Comments

Darkn 19 Reputation

Commented

Hello!! You can try adding me but I won't guarantee if I'll accept your friend request or not or if I unfriend you in the future since I've been purging my friends list really often :v

It got way too bloated when I was staff for Coco Z and Fluxus so... that's mainly why..

Cyros 17 Reputation

Commented

I see what you're saying, i'll give it a shot. My discord is yx_d or forest

Shadow.lol Forum Admin

Bunni.lol Staff Lead

Xenon Founder & Developer

Pluto_Guy

Pluto

Posts: 674

Threads: 68

Joined: Oct, 2022

Reputation: 28

Replied

My reason to not use wave

Its made by rexi

PLUTO_GUY FOR MODERATOR 2024!

A developer that knows C#,JavaScript,Python,Lua

Rexi

CEO @ Wave

Posts: 49

Threads: 8

Joined: Apr, 2023

Reputation: 55

Replied

I bet none of you would be able to write a vuln using the debug lib right now, if i say something that means i am confident enough that it is harmless, stop being a class clown

Hi, my previous account was deleted so that is why I made this account, this isn't rep evading.

moasn

Posts: 1

Threads: 0

Joined: Aug, 2024

Reputation: 0

Replied

I was very surprised by this gaming site, because it gave me a lot of cool bonuses that helped me play slot machines online - http://topx-gаme.com/ . You should try this site too, because it has a lot of quality slot machines, and you will definitely have something to play and you will find a lot of interesting game modes here!

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )