1

If I need to fix up my question in any way please let me know, this is my first question on the site

So there's a game development website I use where you can develop with other people, and within the past few months they introduced a new feature where you can get into the editor with other people. Now, here's the thing. They heavily sandbox things, and for good reason, so in game you can't send http requests from a user's computer, but due to how the game creation tool works, there's a small bug that would allow you to do this.

The worst thing I've thought of being able to do with this is snag someone's IP, which isn't exactly a terrible thing, it's a public IP afterall, but I'm curious if it's possible to infect their computer, give them a virus, or anything else damaging, just by having them send a GET/POST request to a website, and if so how this would work?

I want to convince the creators/designers of the site and development tools to make a fix for this, and a real threat would help my argument a lot. But I can't make the claim without evidence. Is there any real threat to the person sending the request here?

warspyking
  • 113
  • 6
  • What are you able to put in that GET/POST request? (Think data that exists on that user's side) – Olipro Jul 07 '16 at 03:20
  • @olipro GET request: headers, POST request: headers and Data (http://wiki.roblox.com/index.php?title=API:Enum/HttpContentType) – warspyking Jul 07 '16 at 03:58
  • @m1ke Not a duplicate, the requests have nothing to do with chrome. It's just sending a get/post request. – warspyking Jul 07 '16 at 04:29
  • If you read the answers there, it's client agnostic. Anyway, I updated my answer after you updated the Q. – ndrix Jul 07 '16 at 05:41

1 Answers1

3

Yes, it depends how that GET/POST request is handled on the receiving party, i.e the client.

While explained in another thread "Yes, you can get a virus just by visiting a site in Chrome or any other browser". This also counts for any client. In this case: the program that's handling the response from your web request. No matter if that's a browser, CLI program, library, game, etc. If a vulnerability exist in the client code which can be exploited, malicious code can be executed. This malicious code is roughly what you refer to as "a virus".

There are mitigating factors such as isolation, exploit mitigation (DEP, ASLR, ...) but there's always a possibility that this is bypassed.

The worse thing that can happen is that an attacker can execute code on a victims machine, elevate privileges and execute system commands. Examples? Steal data, delete files, launch further attacks, ... If someone can execute code it's a complete compromise.

ndrix
  • 3,206
  • 13
  • 17
  • It's a small bug. This behavior isn't intended. Also what if the target action was intended to do malicious things. What could be the worse thing the target action could do if you sent a GET request? – warspyking Jul 07 '16 at 04:02
  • Someone that opens an HTTP interface isn't a "small bug". The target action would be what's running on your webserver. Whats the worse it could do? Whatever you program it to do. For example, a simple - will execute anything your client sends in a shell. – ndrix Jul 07 '16 at 04:06
  • I think you misunderstood the question. I want to know if a virus can be given to the person who SENT the request. I'll clarify the question – warspyking Jul 07 '16 at 04:07
  • Oh, that's been asked - and answered before. – ndrix Jul 07 '16 at 04:27
  • Thanks for the answer. I'm gonna reask what I asked in a previous comment. What's the worst case scenario here? – warspyking Jul 07 '16 at 05:42