Exploitable Packets
SmellyModder opened this issue ยท 1 comments
Currently, the packets MessageDismount
, MessageHurtMultipart
, and MessageMountPlayer
can be used maliciously via exploitable client trust.
The root of the exploitation with these packets is that clients are able to send these packets to the server and there are not many internal checks done inside the handling of these packets, trusting the client to do these checks.
MessageDismount
- Clients can arbitrarily tell the server to dismount any CreatureEntity
from the entity it is riding.
MessageHurtMultipart
- Clients can arbitrarily tell the server to damage any IHurtableMultipart
entity with any amount of damage.
MessageMountPlayer
- Clients can arbitrarily tell the server to mount any CreatureEntity
to another entity.