Security issue in Java based server
#5
Ah, so we're not as vulnerable ;) I finally managed to get the PoC code running; this is the result in the MCS console:
Code:
[135d500f|14:55:15] Player xoft has joined the game
[affdd2ca|14:55:15] Adding player xoft to world "world.flat".
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Sending a DC: "Server busy"
[affdd2ca|14:55:57] cClientHandle::Destroy: client 09282F98, "xoft"
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.
[affdd2ca|14:55:57] Too much data in queue for client "xoft" @ <redacted IP>, kicking them.

So basically the packet is too large, so MCS kicks the player. We have a limit of 32 KiB of unprocessed incoming data.
I'll try modifying the PoC code to generate a packet under 32 KiB.
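The 32 KiB cap on unprocessed incoming data described in the post above, sketched as an added example (not part of the original post and not MCS's actual code): a per-client buffer that refuses any chunk that would push it past the limit and latches the kicked state so later reads are dropped. The class and method names are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical per-client receive buffer (illustrative names, not MCS code).
class BoundedInbox {
public:
    enum class Result { Accepted, Kicked, Ignored };

    explicit BoundedInbox(std::size_t limit = 32 * 1024) : m_Limit(limit) {}

    // Called for every chunk read from the client's socket.
    Result OnDataReceived(const char* data, std::size_t size) {
        if (m_Kicked) {
            return Result::Ignored;  // already disconnecting: drop, don't re-kick
        }
        // m_Pending.size() <= m_Limit always holds, so this cannot underflow.
        if (size > m_Limit - m_Pending.size()) {
            m_Kicked = true;
            m_Pending.clear();  // discard queued bytes; nothing more is parsed
            return Result::Kicked;  // caller sends the disconnect and closes
        }
        m_Pending.append(data, size);
        return Result::Accepted;
    }

    // Called by the protocol parser after it has processed `size` bytes.
    void Consume(std::size_t size) { m_Pending.erase(0, size); }

    std::size_t Pending() const { return m_Pending.size(); }
    bool IsKicked() const { return m_Kicked; }

private:
    std::size_t m_Limit;
    std::string m_Pending;
    bool m_Kicked = false;
};

int main() {
    BoundedInbox inbox;
    const std::string chunk(20 * 1024, 'x');  // constructed sample input
    for (int i = 0; i < 3; ++i) {
        auto r = inbox.OnDataReceived(chunk.data(), chunk.size());
        std::cout << "chunk " << i << ": " << static_cast<int>(r) << "\n";
    }
    return 0;
}
```

Checking the size before appending keeps the memory an unauthenticated or misbehaving client can pin at no more than the limit, regardless of how large the declared packet is.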


Messages In This Thread
Security issue in Java based server - by Jammet - 04-17-2015, 09:48 PM
RE: Security issue in Java based server - by xoft - 04-17-2015, 10:10 PM
RE: Security issue in Java based server - by xoft - 04-17-2015, 10:32 PM
RE: Security issue in Java based server - by xoft - 04-17-2015, 10:59 PM
RE: Security issue in Java based server - by xoft - 04-17-2015, 11:05 PM
RE: Security issue in Java based server - by xoft - 04-18-2015, 10:09 PM
RE: Security issue in Java based server - by xoft - 04-19-2015, 02:33 AM


