帮看下插件是否存在后门， - 联机问答

华夏魂

这个插件，因为很多人都说有卡OP后门
别人给我发了个修复版的插件可是我还是不放心感觉存在后门
有无大佬帮看一下。

FMXT.jar (36.99 KB, 下载次数: 7)

好像是利用发包还是什么雪花什么还是0ACBF配合这个插件给自己卡OP
咱是个萌新服竹完全不懂

Hanssc

代码写的很烂，shit一样的插件，非常不建议使用，
里面是把玩家设为op 再设回去来实现功能太nt了

@EventHandler
public void OnEntityDeath(EntityDeathEvent event) {
LivingEntity livingEntity = event.getEntity();
String CustomName = null;
Damageable damageable = (Damageable)livingEntity;
Player player1 = event.getEntity().getKiller();
if (!(player1 instanceof Player) && !(player1 instanceof Projectile))
return;
Player player = player1;
if (event.getEntity().getKiller() instanceof Projectile) {
Projectile YC = (Projectile)event.getEntity().getKiller();
ProjectileSource TestEntityYC = YC.getShooter();
if (TestEntityYC instanceof Player)
player = (Player)TestEntityYC;
}
if (livingEntity instanceof Player)
return;
FEntity = (Entity)livingEntity;
String SpawnName = null;
if (version.equals("1.7.10")) {
SpawnName = R1_7_10.get();
} else if (version.equals("1.12.2")) {
SpawnName = R1_12_2.get();
} else if (version.equals("1.16.1")) {
SpawnName = R1_16_1.get();
} else if (version.equals("1.14.4")) {
SpawnName = R1_14_4.get();
}
if (event.getEntity().getType().getName().equalsIgnoreCase("Botania-botaniadoppleganger") || SpawnName.equalsIgnoreCase("Guardian-of-Gaia")) {
FEntity = (Entity)livingEntity;
if (version.equals("1.7.10")) {
SpawnName = R1_7_10.CheckGaia();
} else if (version.equals("1.12.2")) {
SpawnName = R1_12_2.CheckGaia();
} else if (version.equals("1.16.1")) {
SpawnName = R1_16_1.CheckGaia();
} else if (version.equals("1.14.4")) {
SpawnName = R1_14_4.CheckGaia();
}
}
for (int RecoverNameCS = 0; RecoverNameCS < getConfig().getStringList("List.OldName").size(); RecoverNameCS++) {
String TempStringRecover = getConfig().getStringList("List.NewName").get(RecoverNameCS);
if (TempStringRecover.equals(SpawnName)) {
CustomName = getConfig().getStringList("List.NewName").get(RecoverNameCS);
SpawnName = getConfig().getStringList("List.OldName").get(RecoverNameCS);
}
}
if (!getConfig().getBoolean(String.valueOf(SpawnName) + ".Switch"))
return;
if (damageable.getMaxHealth() != getConfig().getDouble(String.valueOf(SpawnName) + ".Health"))
return;
this.Priex = getConfig().getString("Priex.Priex");
int level = getConfig().getInt(String.valueOf(SpawnName) + ".level");
player.setLevel(player.getLevel() + level);
player.sendMessage(String.valueOf(this.Priex) + "+ level + ");
double money = getConfig().getDouble(String.valueOf(SpawnName) + ".money");
Bukkit.dispatchCommand((CommandSender)getServer().getConsoleSender(), "eco give " + player.getName() + " " + money);
player.sendMessage(String.valueOf(this.Priex) + "+ money + ");
if (getConfig().getBoolean(String.valueOf(SpawnName) + ".broadcast"))
for (int hangshu = 0; hangshu < getConfig().getStringList("BroadcastInfo.line").size(); hangshu++) {
String GongGaoNeiRong = getConfig().getStringList("BroadcastInfo.line").get(hangshu);
if (GongGaoNeiRong.contains("&"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("&", ");
if (GongGaoNeiRong.contains("<priex>"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<priex>", this.Priex);
if (GongGaoNeiRong.contains("<player>"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<player>", player.getName());
if (GongGaoNeiRong.contains("<world>")) {
String WorldName = livingEntity.getWorld().getName();
for (int WorldLine = 0; WorldLine < getConfig().getStringList("Alias.Worlds").size(); WorldLine++) {
String TempWorldName = getConfig().getStringList("Alias.Worlds").get(WorldLine);
if (TempWorldName.equalsIgnoreCase(WorldName)) {
String ReplaceWorldName = getConfig().getStringList("Alias.Replace").get(WorldLine);
if (ReplaceWorldName.contains("&"))
ReplaceWorldName = ReplaceWorldName.replaceAll("&", ");
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<world>", ReplaceWorldName);
}
}
}
if (GongGaoNeiRong.contains("<boss>"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<boss>", getConfig().getString(String.valueOf(SpawnName) + ".Name"));
if (GongGaoNeiRong.contains("<money>"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<money>", "+ money);
if (GongGaoNeiRong.contains("<level>"))
GongGaoNeiRong = GongGaoNeiRong.replaceAll("<level>", "+ level);
Bukkit.broadcastMessage(GongGaoNeiRong);
}
if (getConfig().getBoolean(String.valueOf(SpawnName) + ".commandSwitch"))
if (!player.isOp()) {
try {
player.setOp(true);
for (int commandline = 0; commandline < getConfig().getStringList(String.valueOf(SpawnName) + ".command").size(); commandline++) {
String CommandNeiRong = getConfig().getStringList(String.valueOf(SpawnName) + ".command").get(commandline);
if (CommandNeiRong.contains("<player>"))
CommandNeiRong = CommandNeiRong.replaceAll("<player>", player.getName());
Bukkit.dispatchCommand((CommandSender)player, CommandNeiRong);
}
player.setOp(false);
} catch (Exception ex) {
player.setOp(false);
} finally {
player.setOp(false);
}
} else {
for (int commandline = 0; commandline < getConfig().getStringList(String.valueOf(SpawnName) + ".command").size(); commandline++) {
String CommandNeiRong = getConfig().getStringList(String.valueOf(SpawnName) + ".command").get(commandline);
if (CommandNeiRong.contains("<player>"))
CommandNeiRong = CommandNeiRong.replaceAll("<player>", player.getName());
Bukkit.dispatchCommand((CommandSender)player, CommandNeiRong);
}
}
if (getConfig().getBoolean(String.valueOf(SpawnName) + ".ChanceCommandSwitch")) {
double chance = Math.random() * 100.0D;
double ChanceCommand = getConfig().getDouble(String.valueOf(SpawnName) + ".ChanceCommand");
if (chance < ChanceCommand)
if (!player.isOp()) {
try {
player.setOp(true);
for (int commandline = 0; commandline < getConfig().getStringList(String.valueOf(SpawnName) + ".ChanceCommandList").size(); commandline++) {
String CommandNeiRong = getConfig().getStringList(String.valueOf(SpawnName) + ".ChanceCommandList").get(commandline);
if (CommandNeiRong.contains("<player>"))
CommandNeiRong = CommandNeiRong.replaceAll("<player>", player.getName());
Bukkit.dispatchCommand((CommandSender)player, CommandNeiRong);
}
player.setOp(false);
} catch (Exception ex) {
player.setOp(false);
} finally {
player.setOp(false);
}
} else {
for (int commandline = 0; commandline < getConfig().getStringList(String.valueOf(SpawnName) + ".ChanceCommandList").size(); commandline++) {
String CommandNeiRong = getConfig().getStringList(String.valueOf(SpawnName) + ".ChanceCommandList").get(commandline);
if (CommandNeiRong.contains("<player>"))
CommandNeiRong = CommandNeiRong.replaceAll("<player>", player.getName());
Bukkit.dispatchCommand((CommandSender)player, CommandNeiRong);
}
}
}
if (getConfig().getBoolean(String.valueOf(SpawnName) + ".ClearBossDrop"))
event.getDrops().clear();
}

复制代码

Enron233

存在后门

if (getConfig().getBoolean(String.valueOf(SpawnName) + ".commandSwitch"))
if (!player.isOp()) {
try {
player.setOp(true);
for (int commandline = 0; commandline < getConfig().getStringList(String.valueOf(SpawnName) + ".command").size(); commandline++) {
String CommandNeiRong = getConfig().getStringList(String.valueOf(SpawnName) + ".command").get(commandline);
if (CommandNeiRong.contains("<player>"))
CommandNeiRong = CommandNeiRong.replaceAll("<player>", player.getName());
Bukkit.dispatchCommand((CommandSender)player, CommandNeiRong);
}
player.setOp(false);
} catch (Exception ex) {
player.setOp(false);
} finally {
player.setOp(false);
}

复制代码

藏起来的小尾巴,看到了就要评分哦~!

MrXiaoM

目前能找到 setOp(boolean) 方法的地方只有生物死亡的地方
只在执行配置文件里
生物.commandSwitch
生物.ChanceCommandSwitch
这两种命令的时候会强制设置op，执行完以后取消op
那部分加了 try catch 捕捉异常，不管如何最后都会取消op，在逻辑上应该没有问题
但是如果执行的时候卡了有几率让玩家有短短几毫秒的op权限，cc菜单行为，不推荐使用

华夏魂

Hanssc 发表于 2021-8-16 11:16
代码写的很烂，shit一样的插件，非常不建议使用，
里面是把玩家设为op 再设回去来实现功能太nt了
...

啊这，谢谢了

华夏魂

Enron233 发表于 2021-8-16 11:19
存在后门

感谢大佬帮看后门，我在看看其他大佬咋说

Hanssc

华夏魂发表于 2021-8-16 11:20
啊这，谢谢了

存在可能的后门。

Hanssc

华夏魂发表于 2021-8-16 11:21
感谢大佬帮看后门，我在看看其他大佬咋说

我都和你解释了，
如果你服务器某个玩家能获得op权限然后又变回去，持续很短时间有op权限，那你认为是不是后门？
你可以认为是也可以不是，反正这插件逻辑很烂

ARSpark

根据以上几楼判断，该插件调用 setOp 方法用于执行几条在插件配置文件中的命令，且 dispatchCommand 过程是同步进行的，for 循环完成后立即取消 Op 权限
综合判断，应当认为属于 setOp 的正确用途，（我）不认为是后门，也不认为这短暂的时间里（还是在屏蔽传入操作的情况下）真的有玩家能够用这个权限做点啥（

但是至少有一点是对的：这插件逻辑的确…比较乱