38 lines
No EOL
1.6 KiB
Text
38 lines
No EOL
1.6 KiB
Text
# Exploit Title: JourneyMap Disk-space consumption exploit
|
|
# Date: 23Nov2014
|
|
# Exploit Author: CovertCodes
|
|
# Vendor Homepage: http://journeymap.techbrew.net/
|
|
# Software Link: http://journeymap.techbrew.net/download/
|
|
# Version: 5.0.0RC2 Ultimate Edition
|
|
# Tested on: Linux
|
|
|
|
|
|
JourneyMap (http://journeymap.techbrew.net/) is a mapping mod for
|
|
Minecraft. It comes included with some modpacks, and is enabled by
|
|
default in the popular Feed the Beast client. JourneyMap opens a web
|
|
server on the client which is configured to listen on port 8080. When
|
|
the client is running, a remote, unauthenticated user can have
|
|
JourneyMap save a screenshot of the game to the hard drive by accessing
|
|
a specific URL, consuming hard drive space. Here's an example:
|
|
|
|
#!/bin/bash
|
|
while true;
|
|
do
|
|
curl -o /dev/null 192.168.1.1:8080/action?type=savemap&mapType=day
|
|
done
|
|
|
|
This works even when the client has paused the game (by pressing
|
|
escape.) We include mapType=day because the software should refuse to
|
|
save a screenshot if the client user is underground, and the game is set
|
|
on hardcore mode.
|
|
|
|
Accessing the URL and triggering a screenshot will display a message
|
|
on the client's screen, which may somewhat lessen the severity of this
|
|
exploit. Further, it takes a long time to fill up disk using this
|
|
technique. JourneyMap allows depth and resolution to be specified in
|
|
the URL as well, though a few simple tests showed no change despite
|
|
altering these parameters. If one were able to increase the depth and
|
|
resolution of the image, the drive would fill up faster.
|
|
|
|
Tested with JourneyMap 5.0.0RC2 Ultimate Edition, but presumed to
|
|
work on other versions as well. |