EasyCommandBlocker

EasyCommandBlocker, developed by Ajneb97, is a plugin designed to prevent players from using tab-completion for commands they shouldn't access. The plugin uses messaging channels to synchronize data between the proxy and backend servers. However, a critical oversight occurs when the proxy lacks the corresponding plugin: the messaging channels remain accessible to players, creating a potential vulnerability.

How the exploit works

The exploit works by sending a crafted plugin message on the ecb:channel messaging channel.

This is possible because the plugin does not properly validate the source of the connection, which lets an attacker send spoofed messages. In this way, they can execute arbitrary commands on the console, compromising the server's security.
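A proxy-side mitigation for the gap described above, as an added example (not code from EasyCommandBlocker or from the original page): a small Velocity plugin that drops any `ecb:channel` message whose source is a player connection, so it never reaches a backend server. It assumes the proxy is Velocity; the package, plugin id and class name `EcbGuard` are hypothetical.

```java
package example.ecbguard; // hypothetical package name

import com.google.inject.Inject;
import com.velocitypowered.api.event.Subscribe;
import com.velocitypowered.api.event.connection.PluginMessageEvent;
import com.velocitypowered.api.event.proxy.ProxyInitializeEvent;
import com.velocitypowered.api.plugin.Plugin;
import com.velocitypowered.api.proxy.Player;
import com.velocitypowered.api.proxy.ProxyServer;
import com.velocitypowered.api.proxy.messages.MinecraftChannelIdentifier;
import org.slf4j.Logger;

@Plugin(id = "ecbguard", name = "EcbGuard", version = "1.0") // hypothetical plugin
public final class EcbGuard {
    // Channel name taken from the page.
    private static final MinecraftChannelIdentifier ECB =
            MinecraftChannelIdentifier.from("ecb:channel");

    private final ProxyServer proxy;
    private final Logger logger;

    @Inject
    public EcbGuard(ProxyServer proxy, Logger logger) {
        this.proxy = proxy;
        this.logger = logger;
    }

    @Subscribe
    public void onInit(ProxyInitializeEvent event) {
        // Velocity only fires PluginMessageEvent for registered channels.
        proxy.getChannelRegistrar().register(ECB);
    }

    @Subscribe
    public void onPluginMessage(PluginMessageEvent event) {
        // Ignore every channel except the one this guard protects.
        if (!ECB.equals(event.getIdentifier())) {
            return;
        }
        // A player is never a legitimate sender on a proxy/backend sync channel.
        if (event.getSource() instanceof Player) {
            Player player = (Player) event.getSource();
            event.setResult(PluginMessageEvent.ForwardResult.handled()); // do not forward
            logger.warn("Dropped client-sent {} message from {} ({})",
                    ECB.getId(), player.getUsername(), player.getRemoteAddress());
        }
    }
}
```

Messages whose source is a backend server connection are not touched by this listener, and the warning line gives operators a log entry to alert on.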

How to use the exploit

To use this exploit, you can use the proxy command in MCPTool and use the /ecb command. You can also use clients like MCPClient or ParadiseClient.

Thanks to @SpigotRCE for his help with this documentation.