🌝 Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
「 Some months ago I exploited a vulnerability in the Lua implementation of Factorio that allowed a malicious server to obtain arbitrary execution on clients. As the vulnerability has been patched for months already (Factorio versions below 1.1.101 are affected), is time to share the details with the community 」
https://memorycorruption.net/posts/rce-lua-factorio/
#Factorio #Lua #Infosec
jbz /
npub1th…k65lp
2024-07-08 02:00:01
Author Public Key
npub1thp9l7ed2x8n2fhaygsx0rgqdrru2qmk3d8plrp07n2k03scx8nq2k65lpPublished at
2024-07-08 02:00:01Event JSON
{
"id": "6aca491d4fd2492f8cafb1713339f59c44556a9f44eb07e34ba4fcb3f1a727ad",
"pubkey": "5dc25ffb2d518f3526fd2220678d0068c7c503768b4e1f8c2ff4d567c61831e6",
"created_at": 1720404001,
"kind": 1,
"tags": [
[
"t",
"lua"
],
[
"t",
"factorio"
],
[
"proxy",
"https://indieweb.social/@jbz/112748396653011060",
"web"
],
[
"t",
"infosec"
],
[
"proxy",
"https://indieweb.social/users/jbz/statuses/112748396653011060",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://indieweb.social/users/jbz/statuses/112748396653011060",
"pink.momostr"
],
[
"expiration",
"1722996004"
]
],
"content": "🌝 Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws\n\n「 Some months ago I exploited a vulnerability in the Lua implementation of Factorio that allowed a malicious server to obtain arbitrary execution on clients. As the vulnerability has been patched for months already (Factorio versions below 1.1.101 are affected), is time to share the details with the community 」 \n\nhttps://memorycorruption.net/posts/rce-lua-factorio/\n\n#Factorio #Lua #Infosec",
"sig": "02bd4a75757a8280549a6b0c9719f0543a9e0db82b719821fa5d2c7500ab4ea789fff7d6b00b689b8f6b8276ede9cebf4b15910a25d04b39a6a8b00f56a82f84"
}