Categories > Exploiting > Roblox >

Wave Vulnerabilities

Darkn

Darkn | Resigned

vip

Posts: 383

Threads: 69

Joined: Oct, 2020

Reputation: 19

Posted

Hey guys, it's been a while since I last used WeAreDevs forums but Roblox exploiting is back..? Despite that though, I had heard that Wave released again, and I had just saw another thread on Reddit mentioning that Wave has the Debug Lib Vulnerabilities found in Synapse back at the end of 2021. Just wanted to ensure people were aware about this as it's kind of concerning the lack of care in user security that they have for a second time in a row..

Vulnerabilities in Wave by u/Objective_Highway424 (Original post if anyone was curious)


 

Posting this on a throwaway, but I recently purchased Wave, and due to the vulnerabilities previously known in the beta, the first thing I did was look for vulnerabilities. It was very public knowledge back in 2021/2022 about the vulnerabilities that were present in the debug library in Synapse X, which were later patched and a test script for them published. These vulnerabilities can lead to arbitrary code execution, as shown in the reddit thread about them (https://www.reddit.com/r/robloxhackers/comments/rkuga2/most_executors_affected_by_debug_lib_ace/).

Wave is vulnerable to these same vulnerabilities, an oversight I feel should of been corrected prior to release. Wave's claim of 100% UNC also appears to be false, as setscriptable failed, resulting in 99% UNC.

These claims can be validated easily by trying the test script available in the reddit post above (the screenshot is of a slightly modified version doing a warn for each failed test instead of asserts, so they will all be tested)

Image Showing Vulnerabilities (I was planning to use an image, but WRD was breaking for me..)

 



If anyone was curious, yes Rexi did reply to this.

Rexi's reply:

Stop using old scripts UNC exists for a reason, and also theres UNC but for vulns
loadstring(game:HttpGet("https://raw.githubusercontent.com/fissurectomy/test/main/executor_vuln_test.lua"))()

other than that its not really a vuln but ill check it out.

OP's reply to Rexi:

Just because there is a vulnerability test script (which I did try, and Wave did pass that), does not mean it contains every vulnerability possible. Your blatant denial of this, despite the same lack of checks in the debug library leading to people using synapse being infected with malware before is concerning, and shows that your priorities clearly do not include user security.

Image of Reply (Same thing happened again.. Can't use an image cause WRD was being broken..)

  • 0

Posts: 690

Threads: 69

Joined: Oct, 2022

Reputation: 30

Replied

My reason to not use wave

 

Its made by rexi

  • 0

PLUTO_GUY FOR MODERATOR 2024!

---------------------------------

Reading this? Use charm.rest for the best gaming experience in your browser! It is unblocked at school and nice for gaming at home!

Rexi

CEO @ Wave

contentCreator

Posts: 49

Threads: 8

Joined: Apr, 2023

Reputation: 55

Replied

I bet none of you would be able to write a vuln using the debug lib right now, if i say something that means i am confident enough that it is harmless, stop being a class clown

  • 0

Hi, my previous account was deleted so that is why I made this account, this isn't rep evading.

Posts: 1

Threads: 0

Joined: Aug, 2024

Reputation: 0

Replied

I was very surprised by this gaming site, because it gave me a lot of cool bonuses that helped me play slot machines online - http://topx-gаme.com/ . You should try this site too, because it has a lot of quality slot machines, and you will definitely have something to play and you will find a lot of interesting game modes here!

  • 0

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )