Closed Dinos3396 closed 1 month ago
Please disable quickshop.history
permission node before dev patched it.
if you are using LuckPerms,just set the permission node to false.
/lp group default permission set quickshop.history false
Please disable
quickshop.history
permission node before dev patched it. if you are using LuckPerms,just set the permission node to false./lp group default permission set quickshop.history false
@YuanYuanOwO I had disable quickshop.history permission node in LuckPerms. But,it not work. (Paper version 1.21-40-master@b45d9b6 )
Please disable
quickshop.history
permission node before dev patched it. if you are using LuckPerms,just set the permission node to false./lp group default permission set quickshop.history false
@YuanYuanOwO I had disable quickshop.history permission node in LuckPerms. But,it not work. (Paper version 1.21-40-master@b45d9b6 )
已知,待开发者修复 waiting for dev to fix this
@Ghost-chu this can be used to exploit items out of the history tab, which is bad because it features diamonds on it by default on its gui. Some owners are unware of this exploit, although you can easily disable its permission node to get rid of the feature, we would love to see a more permanent fix
@Ghost-chu this can be used to exploit items out of the history tab, which is bad because it features diamonds on it by default on its gui. Some owners are unware of this exploit, although you can easily disable its permission node to get rid of the feature, we would love to see a more permanent fix
Sorry, but Ghost-chu is no longer in charge of QuickShop-Hikari development, which is now handled by creatorfromhell
gotcha. pinging because this is what I would consider to be an important exploit that should be resolved asap. @creatorfromhell
I'm nolonger actively develop the QuickShop-Hikari, please contact @creatorfromhell
Ghost_chu @.***
------------------ Original ------------------ From: @.>; Date: 2024年7月9日(星期二) 下午2:57 To: @.>; Cc: @.>; @.>; Subject: Re: [QuickShop-Community/QuickShop-Hikari] [BUG] 1.21 Console Error (Issue #1632)
@Ghost-chu this can be used to exploit items out of the history tab, which is bad because it features diamonds on it by default on its gui. Some owners are unware of this exploit, although you can easily disable its permission node to get rid of the feature, we would love to see a more permanent fix
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
gotcha. pinging because this is what I would consider to be an important exploit that should be resolved asap. @creatorfromhell
Will fix when I have time for now change permissions to disable their ability to access
This is the working PoC for the exploit https://youtu.be/RMAiCLi51_w
Will make the video public once the dev team has patched it.
This is the working PoC for the exploit https://youtu.be/RMAiCLi51_w
Will make the video public once the dev team has patched it.
Already know this issue
Please upgrade QuickShop-Hikari to dev build.
The new dev build seems to disable history completely. Or am I installing wrong version? https://ci.codemc.io/job/Ghost-chu/job/QuickShop-Hikari-SNAPSHOT/lastSuccessfulBuild/artifact/quickshop-bukkit/target/
The new dev build seems to disable history completely. Or am I installing wrong version? https://ci.codemc.io/job/Ghost-chu/job/QuickShop-Hikari-SNAPSHOT/lastSuccessfulBuild/artifact/quickshop-bukkit/target/
temp disable history feature before dev patched it. Waiting for dev fix
Ah I see
Description
https://mclo.gs/DjHPAaG
Steps to reproduce
Use 1.21 paper server and latest QuickShop maybe.
Expected Behaviour
No error.
Screenshots
Hhhhmmmm
/quickshop paste
URLhttps://mclo.gs/FHN0fLE
Additional Context
No response
Checklist