Closed ghost closed 2 years ago
This almost certainly happens on vanilla right?
Is there is any way to get this without the /give command?
vanilla touches this stuff less so it's possible stuff like this gets by, but, am not sure we can really prevent invalid data causing issues, especially when explicitly created; Ideally this is stuff caught early into creation given that my solution for cases like this would be to just delete such broken items, and I'm not sure I want the perf cost or maintantence debt of that dangling over us
This almost certainly happens on vanilla right?
Is there is any way to get this without the /give command?
You can use a saved hotbar on creative mode, but the server will kick you with "Packet processing error" if you try to place it on your actual inventory.
See the problem with that is, there are about 1000 ways to abuse creative mode on servers. Creative mode is pretty broken, and going around trying to hack a fix to all the issues from the server's side isn't really tenable.
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
It was being abused on a free op anarchy server I was playing on.
its FREE OP anarchy, people come solely to break Minecraft in some ways
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
I was afraid of that. I created the exploit originally in July, though I never used it for anything malicious (I primarily used it for administrative purposes) but I know others have used it maliciously before. It's worth noting that the actual client is vulnerable to this exploit as well in a much more severe fashion. Versions of Minecraft (client and server) 1.16.x to 1.18 are affected by this.
It was being abused on a free op anarchy server I was playing on.
its FREE OP anarchy, people come solely to break Minecraft in some ways
Not really, no. People who break Minecraft on these servers are a loud minority solely due to the nature of their actions. Most people just find enjoyment in the freedom of alike servers.
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
I was afraid of that. I created the exploit originally in July, though I never used it for anything malicious (I primarily used it for administrative purposes) but I know others have used it maliciously before. It's worth noting that the actual client is vulnerable to this exploit as well in a much more severe fashion. Versions of Minecraft (client and server) 1.16.x to 1.18 are affected by this.
I believe a variation of this exploit exists on bedrock edition, however it's hard to say if that originated from you or not.
See the problem with that is, there are about 1000 ways to abuse creative mode on servers. Creative mode is pretty broken, and going around trying to hack a fix to all the issues from the server's side isn't really tenable.
Shouldn't we at least make a reasonable attempt to patch these exploits, if possible?
Shouldn't we at least make a reasonable attempt to patch these exploits, if possible?
no
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
You mean that you develop for? You have some repositories related to one such server
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
I was afraid of that. I created the exploit originally in July, though I never used it for anything malicious (I primarily used it for administrative purposes) but I know others have used it maliciously before. It's worth noting that the actual client is vulnerable to this exploit as well in a much more severe fashion. Versions of Minecraft (client and server) 1.16.x to 1.18 are affected by this.
I believe a variation of this exploit exists on bedrock edition, however it's hard to say if that originated from you or not.
I didn't create the Bedrock variant, only the Java variant. The very first variant of the exploit was a Java-specific one, and this is the component I had it as:
{"text":"fuck","hoverEvent":{"action":"show_entity","contents":{"id":"f97c0d7b-6413-4558-a409-88f09a8f9adb[][][][][][][]][][][","type":"minecraft:player"}}}
Shouldn't we at least make a reasonable attempt to patch these exploits, if possible?
no
Aren't you one of the people abusing this exploit? You have some repositories on your profile related to minecraft cheats, and crash exploits.
Just out of curiosity, where'd you find this? I recall I saw something of this nature a while ago.
It was being abused on a free op anarchy server I was playing on.
You mean that you develop for? You have some repositories related to one such server
I occasionally make pull requests for the server, but I wouldn't consider myself a developer for the server.
reference #7011
Stack trace
https://paste.gg/p/anonymous/6f4c32bd43f74b7e9eb2ef3d2038fc84
Plugin and Datapack List
[01:32:24 INFO]: Plugins (0):
[01:32:26 INFO]: There are 2 data packs enabled: [vanilla (built-in)], [file/bukkit (world)] [01:32:26 INFO]: There are no more data packs available
Actions to reproduce (if known)
/minecraft:item replace entity @s armor.head with minecraft:written_book{pages: ['{"text":"test","hoverEvent":{"action":"show_entity","contents":{"id":"[][","type":"minecraft:player"}}}']}
Paper version
[01:35:52 INFO]: Checking version, please wait... [01:35:52 INFO]: This server is running Paper version git-Paper-391 (MC: 1.17.1) (Implementing API version 1.17.1-R0.1-SNAPSHOT) (Git: 3e73355 on ver/1.17.1) You are running the latest version
Other
No response