Welcome to the Hangar Open Beta. Please report any issue you encounter on GitHub!
Avatar for fanlim
Avatar for fanlim
fanlim /

oaexploits

Prevent exploits on your server.

Report oaexploits?

Release
1.3.82

fanlim released oaexploits version 1.3.82 on July 11, 2024

Changelog - Version 1.3.82

Fixed
  • Security Improvement: Inventory Title Spoofing Exploit
Details:

In this release, we've patched a critical security vulnerability related to custom inventory GUIs. Previously, the plugin identified custom GUIs by their titles, making it possible for players to spoof inventory titles and bypass certain protections. This could allow players to interact with illegal items without triggering the plugin's safeguards.

Changes Implemented:

  1. Custom InventoryHolder:

    • Introduced a new OaExploitsInventoryHolder class that implements InventoryHolder. This custom holder is now used to manage custom GUI inventories, ensuring that they cannot be spoofed by simply changing the title.
    • The OaExploitsInventoryHolder is tied directly to the player's UUID, providing a secure way to identify and manage custom GUIs.

  2. Event Handling Updates:

    • Updated the AntiIllegalItems class to check for the custom InventoryHolder instead of the inventory title. This change ensures that only legitimate custom GUIs are recognized and processed by the plugin.
    • Specific methods in AntiIllegalItems, such as onInventoryOpen, onInventoryClick, and others, now verify if the inventory holder is an instance of OaExploitsGUI.OaExploitsInventoryHolder.
Benefits:
  • Enhanced Security:
    • The use of a custom InventoryHolder makes it significantly harder for players to spoof the system. This server-side validation ensures that only legitimate interactions are processed.
  • Improved Control and Flexibility:
    • The custom InventoryHolder can store additional context about the GUI, making it easier to manage complex interactions and configurations securely.
  • Code Clarity and Separation of Concerns:
    • Clear separation between GUI management and item interaction checks, resulting in more maintainable and secure code.

By implementing these changes, we've strengthened the security of our plugin, ensuring that custom GUIs cannot be manipulated through title spoofing. This update is crucial for maintaining a fair and secure gameplay environment.

Information

Published onJuly 11, 2024
Downloads0

Platforms

Paper Paper (1.12-1.21)