Date: Thu, 23 Jul 1998 20:58:33 -0400
From: Nick Koscianski <[email protected]>
To: [email protected]Subject: Backdoor in ircN, popular mIRC script.
A backdoor has been found in ircN, possibly the most popular mIRC
script. Using the command /ctcpreply, any user can make someone using
the backdoored versions do whatever they want. For example:
/ctcpreply Dianora ping $mode(#us-opers,+o,hax0r)
will force Dianora to give ops to hax0r in #us-opers.
also, they can be forced to run arbitrary programs, for example:
/ctcpreply Dianora $run(echo,"echo,y,|,format,c:\",>,c:\autoexec.bat)
will format this person's hard drive..definately not good.
A bug fix for this problem can be found at http://www.vode.org/ircN
-KKR
