NBTEdit icon indicating copy to clipboard operation
NBTEdit copied to clipboard
verified publisher icon DavidGoldman

Attacker may construct a nbt update packet to update Server data

Open q178666380 opened this issue 8 years ago • 2 comments

Attacker can modify code,and open a edit gui in client side,then send edit result to server,but server side not check who send NBT update packet, just invoke update methd Advice: add permisson check to all packet in handleServerSide method

q178666380 avatar Mar 20 '17 10:03 q178666380

You might consider switching to the more recent fork of this plugin. NBTEdit has switched developers twice since David did this. https://github.com/Jay113355/NBTEdit/releases/

EmanYm avatar Jul 09 '17 21:07 EmanYm

@q178666380 HELLO

Icetebe avatar Feb 01 '20 18:02 Icetebe