Enderio: Telepad Data Corruption?

Created on 4 Apr 2017  Â·  6Comments  Â·  Source: SleepyTrousers/EnderIO

hey,
is it possible to manipulate the packets and teleport other players with enderio?
We had two players on the server who could teleport any player and one had the telepad and the other one Coordinate Selector in the inventory.

EnderIO-1.10.2-3.1.156

1.10 Code Complete bug

Most helpful comment

As far as I see, the telepad must actually exist, and it also has to be powered. However, the actual teleport of a player can apparently be triggered by sending a crazypants.enderio.teleport.telepad.packet.PacketTeleport to the server from any client, and here we can specify any player to be teleported, and it's not checked that the player is actually standing on the telepad.

All 6 comments

yes, to a certain extend. I don't think it's possible to tp other players using a nonexistent telepad, but I'd have to double check that.

All the teleport code is processed entirely on the server. I don't see any way the client could sent invalid data and have it executed.

As far as I see, the telepad must actually exist, and it also has to be powered. However, the actual teleport of a player can apparently be triggered by sending a crazypants.enderio.teleport.telepad.packet.PacketTeleport to the server from any client, and here we can specify any player to be teleported, and it's not checked that the player is actually standing on the telepad.

or is privileged to teleport others

But that comes from the server so how could a client interfere?

On Apr 4, 2017 6:27 PM, "Slind14" notifications@github.com wrote:

or is privileged to teleport others

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/SleepyTrousers/EnderIO/issues/4128#issuecomment-291653104,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADk-8Os8_XjkLlr0WOlsAqT0Fum7jFPFks5rssO4gaJpZM4MzBzz
.

@tterrag1098 The same packet is used for the GUI button, have a look at the call stack to its constructor...

PS: Edited the title to make it a bit less obvious.

Was this page helpful?
0 / 5 - 0 ratings