Partydragen
Owner

291 posts

IGN: Partydragen
By Partydragen » about 1 month ago
@everyone Security Warning!!
CreateYourOwnMenus plugin have a major security issues! If you give your players Gamemode, Or have a Creative world people can abuse this security to force-op them self and take full control of your server

People who abuse this bug will be logged to our systems and will be permanely banned!



Last edited: about 1 month ago

Owner of CubedCraft Network
Server Ip: mc.cubedcraft.com
Free minecraft servers on my network by using /ps create
My Website:
 http://partydragen.com/


AmazinglyJava
Member

122 posts

IGN: AmazinglyJava
By AmazinglyJava » about 1 month ago
 
How to know if you are safe or not

If you have a regular creative server without CreateYourOwnMenus installed you are fine.

If you have creative server with CreateYourOwnMenus installed then players can force op. Even if it's not used, or players don't have access to any menu you are still at risk.

If you have a survival server (or any gamemode that players do not have creative) with CreateYourOwnMenus installed, then you are fine.

I suggest you don't give players creative for 'Build Tests' or other stuff if you have CreateYourOwnMenus installed.

If CreateYourOwnMenus is not installed then you are completely fine, don't worry about this. :)








KyanG7
Member

81 posts

IGN: KyanG7
By KyanG7 » about 1 month ago
I have found a few fixes to this bug as I was the one who reported it and tested it with the permission of AmazinglyJava, EnderAdamGaming and I did test it on partydragen's PS to test it. If anyone wants a little bit of help patching it I would love to help as a temporary small fix until its actually fixed.

DISCORD: KyanG7#5428
or msg me ingame (KyanG7)

Hope this isn't used on any servers!
 







AmazinglyJava
Member

122 posts

IGN: AmazinglyJava
By AmazinglyJava » about 1 month ago
Kyan, read my post. (On your bug report)



Last edited: about 1 month ago



KyanG7
Member

81 posts

IGN: KyanG7
By KyanG7 » about 1 month ago
AmazinglyJava:
Kyan, read my post. (On your bug report)

I don't seem to be able to find my post... ?



Last edited: about 1 month ago



Partydragen
Owner

291 posts

IGN: Partydragen
By Partydragen » about 1 month ago
The author of this plugin aswered this:
Unfortunately this is a weakness in the Minecraft server rather than something I can fix with a plugin. I reported it a long time ago, but nothing has been done, and I suspect nothing will be done.
If blacklisting commands doesn't solve it for you, all I can suggest is keeping them in survival mode but then giving them creative-like powers using other plugins, instead of full creative mode.
The Too Many Items/Not Enough Items/Just Enough Items mods can make for an excellent infinite resources front-end for creative building and all they'd need is access to the /give command to make that work on the server side. There are lots of plugins for flight in survival mode and invulnerability too.





Owner of CubedCraft Network
Server Ip: mc.cubedcraft.com
Free minecraft servers on my network by using /ps create
My Website:
 http://partydragen.com/


AmazinglyJava
Member

122 posts

IGN: AmazinglyJava
By AmazinglyJava » about 1 month ago
partydragen, why don't you just make a plugin that clears all items with lore a players inventory unless they have a certain permission? It would take less than 30 minutes (I tried but failed :()

There is also other plugins such as DeluxeMenus that do the same thing. I haven't ever used any of them though.



Last edited: about 1 month ago



KyanG7
Member

81 posts

IGN: KyanG7
By KyanG7 » about 1 month ago
partydragen:
The author of this plugin aswered this:
Unfortunately this is a weakness in the Minecraft server rather than something I can fix with a plugin. I reported it a long time ago, but nothing has been done, and I suspect nothing will be done.
If blacklisting commands doesn't solve it for you, all I can suggest is keeping them in survival mode but then giving them creative-like powers using other plugins, instead of full creative mode.
The Too Many Items/Not Enough Items/Just Enough Items mods can make for an excellent infinite resources front-end for creative building and all they'd need is access to the /give command to make that work on the server side. There are lots of plugins for flight in survival mode and invulnerability too.
On one of my PlayerServers I spent tons of time creating menus with every single item (But my seperate banned items) if we get up to the time that we can upload files/configs I will love if Partydragen would take out my files and I could download them and spread it out the creative servers!
 







NeedYou
Member

1 posts

IGN: NeedYou
By NeedYou » about 1 month ago
Multiverse crashes my server even without any other plugin when creating a new world.