From 746dd0bcf5f3b0e685d842252c620c01faff19b9 Mon Sep 17 00:00:00 2001 From: Andres Rey Date: Sat, 10 Mar 2018 17:49:00 +0000 Subject: Remove all class attributes from the tests --- test/test-pages/ars-1/expected.html | 56 ++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) (limited to 'test/test-pages/ars-1') diff --git a/test/test-pages/ars-1/expected.html b/test/test-pages/ars-1/expected.html index a00aa37..0aecf6e 100644 --- a/test/test-pages/ars-1/expected.html +++ b/test/test-pages/ars-1/expected.html @@ -1,37 +1,37 @@ -
-
+
+

A flaw in the wildly popular online game Minecraft makes it easy for just about anyone to crash the server hosting the game, according to a computer programmer who has released proof-of-concept code that exploits the vulnerability.

"I thought a lot before writing this post," Pakistan-based developer Ammar Askar wrote in a blog post published Thursday, 21 months, he said, after privately reporting the bug to Minecraft developer Mojang. "On the one hand I don't want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act on it."

The bug resides in the networking internals of the Minecraft protocol. It allows the contents of inventory slots to be exchanged, so that, among other things, items in players' hotbars are displayed automatically after logging in. Minecraft items can also store arbitrary metadata in a file format known as Named Binary Tag (NBT), which allows complex data structures to be kept in hierarchical nests. Askar has released proof-of-concept attack code he said exploits the vulnerability to crash any server hosting the game. Here's how it works.

The vulnerability stems from the fact that the client is allowed to send the server information about certain slots. This, coupled with the NBT format’s nesting allows us to craft a packet that is incredibly complex for the server to deserialize but trivial for us to generate.

In my case, I chose to create lists within lists, down to five levels. This is a json representation of what it looks like.

- 
rekt: {
-    list: [
-        list: [
-            list: [
-                list: [
-                    list: [
-                        list: [
-                        ]
-                        list: [
-                        ]
-                        list: [
-                        ]
-                        list: [
-                        ]
-                        ...
-                    ]
-                    ...
-                ]
-                ...
-            ]
-            ...
-        ]
-        ...
-    ]
-    ...
-}
+ 
rekt: {
+    list: [
+        list: [
+            list: [
+                list: [
+                    list: [
+                        list: [
+                        ]
+                        list: [
+                        ]
+                        list: [
+                        ]
+                        list: [
+                        ]
+                        ...
+                    ]
+                    ...
+                ]
+                ...
+            ]
+            ...
+        ]
+        ...
+    ]
+    ...
+}

The root of the object, rekt, contains 300 lists. Each list has a list with 10 sublists, and each of those sublists has 10 of their own, up until 5 levels of recursion. That’s a total of 10^5 * 300 = 30,000,000 lists.

And this isn’t even the theoretical maximum for this attack. Just the nbt data for this payload is 26.6 megabytes. But luckily Minecraft implements a way to compress large packets, lucky us! zlib shrinks down our evil data to a mere 39 kilobytes.

Note: in previous versions of Minecraft, there was no protocol wide compression for big packets. Previously, NBT was sent compressed with gzip and prefixed with a signed short of its length, which reduced our maximum payload size to 2^15 - 1. Now that the length is a varint capable of storing integers up to 2^28, our potential for attack has increased significantly.

-- cgit v1.2.3