New crash exploit in Minecraft MojangsonParser

New exploit! A lot of servers are put down with the help of the client, if you encounter such errors - then you are put down by this method. In this article, we will tell you how to fix the crash.

Изображение записи на Голем

This only works with vanilla commands: msg, minecraft:msg, tell, minecraft:tell, tm, teammsg, minecraft:teammsg, minecraft:w, minecraft:me

If you have a crash folder on your server with a crashlog where everything is flooded with MojangsonParser, then you were put down by this method.

java.lang.StackOverflowError: null
at net.minecraft.server.v1_16_R3.MojangsonParser.g(SourceFile:176) ~[patched_1.16.5.jar:git-Paper-788]
at net.minecraft.server.v1_16_R3.MojangsonParser.e(SourceFile:143) ~[patched_1.16.5.jar:git-Paper-788]
at net.minecraft.server.v1_16_R3.MojangsonParser.d(SourceFile:132) ~[patched_1.16.5.jar:git-Paper-788]
at net.minecraft.server.v1_16_R3.MojangsonParser.g(SourceFile:189) ~[patched_1.16.5.jar:git-Paper-788]

Udp: the western LiquidBounce client has found the way

Ways to solve a problem

We will tell you about three ways of solving the problem, and you can decide which way is best for your project. Some of them are paid and some are free.

1. It is recommended to set such settings in LPX plugin, if you have it.

Изображение записи на Голем
tab:
a:
enabled: true
punish: true
max-vl: 3
min-vl: 1
punish-commands:
- 'lpx kick %player% &cPossible server crash attempt. Did an error occur? Let us know:'
options:
starts:
- "/to "
- "//to"
- "minecraft:msg"
- "minecraft:advancement"
- "minecraft:attribute"
- "minecraft:ban"
- "minecraft:ban-ip"
- "minecraft:banlist"
- "minecraft:bossbar"
- "minecraft:clear"
- "minecraft:clone"
- "minecraft:data"
- "minecraft:datapack"
- "minecraft:debug"
- "minecraft:defaultgamemode"
- "minecraft:deop"
- "minecraft:difficulty"
- "minecraft:effect"
- "minecraft:enchant"
- "minecraft:execute"
- "minecraft:experience"
- "minecraft:fill"
- "minecraft:forceload"
- "minecraft:function"
- "minecraft:gamemode"
- "minecraft:give"
- "minecraft:help"
- "minecraft:kick"
- "minecraft:kill"
- "minecraft:list"
- "minecraft:loot"
- "minecraft:locate"
- "minecraft:locatebiome"
- "minecraft:message"
- "minecraft:me"
- "minecraft:op"
- "minecraft:pardon"
- "minecraft:pardon-ip"
- "minecraft:particle"
- "minecraft:playsound"
- "minecraft:recipe"
- "minecraft:reload"
- "minecraft:replaceitem"
- "minecraft:say"
- "minecraft:schedule"
- "minecraft:scoreboard"
- "minecraft:seed"
- "minecraft:setblock"
- "minecraft:setidletimeout"
- "minecraft:setworldspawn"
- "minecraft:spawnpoint"
- "minecraft:spectate"
- "minecraft:spreadplayers"
- "minecraft:stop"
- "minecraft:stopsound"
- "minecraft:summon"
- "minecraft:tag"
- "minecraft:team"
- "minecraft:teammsg"
- "minecraft:tell"
- "minecraft:tellraw"
- "minecraft:teleport"
- "minecraft:time"
- "minecraft:tp"
- "minecraft:trigger"
- "minecraft:weather"
- "minecraft:whitelist"
- "minecraft:worldborder"
- "minecraft:w"
- "minecraft:xp"
- "minecraft:title"
- "minecraft:tm"
contains:
- "while"
- "targetoffset"
- "for("
- "^(."
- "*."
- "@a"
- "@e"
- "@p"
- "@s"
- "@r"

Configure author Dark Mark

2. Install the AnarchyExploitFixes plugin 2.6.6 or higher

For versions 1.13-1.16.5 etc.

AnarchyExploitFixes-Legacy-2.6.6 (1).jar
Download

[18,4 МБ] downloads: 123

For new versions 1.19,1.20,1.21

AnarchyExploitFixes-Folia-2.6.6.jar
Download

[18,1 МБ] downloads: 125

Plugin authors: moo, xGinko

3. Download BigTeamCompletionFix plugin

This plugin fixes a vulnerability and has no extra fixes. It requires ProtocolLib to work

BigTeamCompletionFix.jar
Download

[4,6 КБ] downloads: 154

Authors: BigTeam

Additional tips

It is also recommended to do this action:

Deny players access to minecraft.command.* commands [even if they are blocked, you can still be put down]

Изображение записи на Голем

More useful information can be found here: EnotTeam - Minecraft Servers Creation

2090 views
0 комментариев
Пожалуйста, создайте учетную запись или
авторизуйтесь прежде чем оставлять комментарии