hmm, I couldn’t do it just now, weird.
my guess is this guy is doing it with a different syntax slightly or he is actually an administrator? surely administrator is a reserved name?
have heard of someone spawning in gold that way.
Not an admin or whatever. They’d likely have names like GMLux or GM_Lux. (I know Lux is a CM. Just an example)
Not fixed yet though. It works exactly how everyone is saying.
can guarantee you it does not work on this server EU BiFrost any more, maybe its server by server.
Used to work, now the message is just never sent, clearly santizing on the server end now.
This is gonna shock them when they find out you can inject code into the chat. This a big mistake, I hope you guys get it sorted out fast.
you can’t inject code you can call internal assets only, such as game file images etc. it’s hardly a big risk… the crashing of the client however is.
1 Like
So do “/<script>/” tags work? I hope not lmao.
This is funny their website sanitizes tags but the in game chat does not!
No, they don’t. I tried.
The sausag’ing 2021 - RIP - Never forget
2 Likes
i think there is a reason this was patched so quickly… New World completely broke today - Dupes, Crashes and more - YouTube about 5 mins 20 in
Ewwww. well, i was thinking about a pause, this made me insta uninstall, farewell new warudo.
You can create gold, items, whatever out of thin air. You can crash people’s clients, target people specifically. You can give yourself experience. You can block people’s screens and prevent them from playing in open combat.
“So far, we haven’t had a lot of complaints about the game,” - Christoph Hartmann vice president of AGS
Pretty good job so far 
Just letting people know it’s been fixed.
8 Likes
Something as simple as sanitizing user input should have been in here from the start! are your developers 15 year olds writing their first ever “hello world”
but glad it’s fixed! 1 bug fixed, 9999999 million to go
3 Likes
Buff musket.
So fast! 
Intercepting service requests with Wireshark appears to work. Sanitizing chat is good but you should probably also add server side validation. It’s partially fixed.
What do you mean by fixed? I’m assuming all of the duped gold is still in circulation and no one has been banned for doing it?