JourneyMap 5.0.0RC2 Ultimate Edition – Resource Consumption (Denial of Service)

• Exploit Database
• 15 阅读

• 作者： CovertCodes
  日期： 2014-11-24
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/35339/

• # Exploit Title: JourneyMap Disk-space consumption exploit
  # Date: 23Nov2014
  # Exploit Author: CovertCodes
  # Vendor Homepage: http://journeymap.techbrew.net/
  # Software Link: http://journeymap.techbrew.net/download/
  # Version: 5.0.0RC2 Ultimate Edition
  # Tested on: Linux
  
  
  JourneyMap (http://journeymap.techbrew.net/) is a mapping mod for 
  Minecraft.It comes included with some modpacks, and is enabled by 
  default in the popular Feed the Beast client.JourneyMap opens a web 
  server on the client which is configured to listen on port 8080.When 
  the client is running, a remote, unauthenticated user can have 
  JourneyMap save a screenshot of the game to the hard drive by accessing 
  a specific URL, consuming hard drive space.Here's an example:
  
  #!/bin/bash
   while true;
   do
   curl -o /dev/null 192.168.1.1:8080/action?type=savemap&mapType=day
   done
  
   This works even when the client has paused the game (by pressing 
  escape.)We include mapType=day because the software should refuse to 
  save a screenshot if the client user is underground, and the game is set 
  on hardcore mode.
  
   Accessing the URL and triggering a screenshot will display a message 
  on the client's screen, which may somewhat lessen the severity of this 
  exploit.Further, it takes a long time to fill up disk using this 
  technique.JourneyMap allows depth and resolution to be specified in
  the URL as well, though a few simple tests showed no change despite 
  altering these parameters.If one were able to increase the depth and
  resolution of the image, the drive would fill up faster.
  
   Tested with JourneyMap 5.0.0RC2 Ultimate Edition, but presumed to 
  work on other versions as well.