JaTiTV/T2CodeLib
JaTiTV/T2CodeLib
1
0
Fork 0
Code Issues Pull Requests Projects Releases 58 Activity

Critical vulnerability has been closed - exploit has been fixed

Browse Source 
This version fixes an extremely critical bug!
Please update to Bungee/Waterfall!

This update fixes a security vulnerability that allowed the Voxel Hack Client to execute any command on the proxy if the T2CodeLib was installed on it (https://github.com/Renovsk/VoxelClient-SRC/blob/main/me/nullnet/voxelclient/exploits/T2CExploit.java). This has been fixed.

This has been fixed and all games that try to use this exploit are now displayed in the console.

Translated with www.DeepL.com/Translator (free version)
This commit is contained in:
JaTiTV 2025-03-31 07:19:25 +02:00
parent afb6fc3c66
commit fccf878b81
4 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@ -6,7 +6,7 @@
<groupId>net.t2code</groupId>
<artifactId>T2CodeLib</artifactId>
<version>17.0_beta-1</version>
<version>17.0</version>
<!--version>VERSION_snapshot-0</version-->
<!--version>VERSION_beta-0</version-->
<!--version>VERSION_dev-0</version-->

3
src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java
View File

@ -6,6 +6,7 @@ import net.md_5.bungee.api.connection.Server;
import net.md_5.bungee.api.event.PluginMessageEvent;
import net.md_5.bungee.api.plugin.Listener;
import net.md_5.bungee.event.EventHandler;
import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
import net.t2code.t2codelib.Util;
import org.junit.Ignore;
@ -19,7 +20,7 @@ public class T2CplmsgBcmd implements Listener {
if (event.getTag().equalsIgnoreCase("t2c:bcmd")) {
if (!(event.getSender() instanceof Server)) {
ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
T2CBsend.console(Util.getPrefix() +" <dark_gray>[<gold>Exploit-protection</gold>]</dark_gray> <red>Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
return;
}

3
src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/autoResponse/T2CapiAutoResponse.java
View File

@ -7,6 +7,7 @@ import net.md_5.bungee.api.event.PluginMessageEvent;
import net.md_5.bungee.api.plugin.Listener;
import net.md_5.bungee.event.EventHandler;
import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
import net.t2code.t2codelib.Util;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
@ -19,7 +20,7 @@ public class T2CapiAutoResponse implements Listener {
if (event.getTag().equalsIgnoreCase("t2c:aresp")) {
if (!(event.getSender() instanceof Server)) {
ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
T2CBsend.console(Util.getPrefix() +" <dark_gray>[<gold>Exploit-protection</gold>]</dark_gray> <red>Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
return;
}

4
src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/opSecurity/T2CapiOpSecurity.java
View File

@ -5,6 +5,8 @@ import net.md_5.bungee.api.connection.Server;
import net.md_5.bungee.api.event.PluginMessageEvent;
import net.md_5.bungee.api.plugin.Listener;
import net.md_5.bungee.event.EventHandler;
import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
import net.t2code.t2codelib.Util;
import java.io.*;
import java.util.logging.Logger;
@ -16,7 +18,7 @@ public class T2CapiOpSecurity implements Listener {
if (event.getTag().equalsIgnoreCase("t2c:opsec")) {
if (!(event.getSender() instanceof Server)) {
ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
T2CBsend.console(Util.getPrefix() +" <dark_gray>[<gold>Exploit-protection</gold>]</dark_gray> <red>Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
return;
}