mIRC Home    About    Download    Register    News    Help

Print Thread
#131735 04/10/05 01:24 AM
Joined: Apr 2004
Posts: 218
P
Fjord artisan
OP Offline
Fjord artisan
P
Joined: Apr 2004
Posts: 218
Um, I'm not quite sure if this bug has been reported yet, and if not I would like to just repost.
But mIRC evaluates identifiers in topics when the user has auto-join on invite turned on.

I really don't want to post examples of my beta testing and fun times but basically when someone has /ajinvite on, and you invite them into a channel with certain names and identifiers it evaluates them.

Just would like to make this issue notiable again..


WinXP w/ mIRC 6.16


Live to Dream & Dream for Life
#131736 04/10/05 03:42 AM
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
I don't see what the bug is with this.
I have an Auction room on an adult network, where people can put themselves up for auction, and when there is someone the person's nick is put into the topic, and I use the identifier $nick($chan,1,v) in the topic.

If I was to join the room, whether via "auto-join on invite" or some other method, is irrelevant, I'd rather see a name in place of $nick($chan,1,v) to the code.

If the identifiers didn't evaluate, then all I'd see would be the code, not the results of the code (ie: the nick)

#131737 04/10/05 07:24 AM
Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
If I invite you to a channel that has certain identifier names in the channel name the identifiers will be evaluated on your (the innocent user that's just been invited to a channel) machine. It doesn't take a genious to figure out that this is a security risk.

#131738 04/10/05 08:02 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
Yes, this has been reported before. If you're not sure use the search feature.

Regards,


Mentality/Chris
#131739 04/10/05 08:43 AM
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
Thanks for the clarification, hixxy. I misunderstood what they were referring to. Does this just affect people that join channels using the Auto-join on invite, or does it also affect people that join by manually acceping an invite?

#131740 04/10/05 09:10 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
It is relevant to AJ on Invite only.

Regards,


Mentality/Chris
#131741 04/10/05 09:23 AM
Joined: Nov 2003
Posts: 157
Vogon poet
Offline
Vogon poet
Joined: Nov 2003
Posts: 157
I have made an ADDON that temporary fix this problem on mircscripts.org

#131742 04/10/05 09:22 PM
Joined: Apr 2004
Posts: 218
P
Fjord artisan
OP Offline
Fjord artisan
P
Joined: Apr 2004
Posts: 218
Quote:

Yes, this has been reported before. If you're not sure use the search feature.


- I did use the search engine and searched for "auto-join" autojoin", but I only set the date back to 1 year. So I might've missed it. :tongue:

And, in reponse to RuFy
Indeed. Reason why I posted this topic. I wondered to my self why has there not been a fix in the program itself. smile


Live to Dream & Dream for Life
#131743 05/10/05 12:47 PM
Joined: Oct 2004
Posts: 8,330
Hoopy frood
Offline
Hoopy frood
Joined: Oct 2004
Posts: 8,330
Because there has not been a new version out since it was reported. smile

You'd probably find it more easily searching for invite than by searching for autojoin. laugh


Invision Support
#Invision on irc.irchighway.net
#131744 08/10/05 12:14 AM
Joined: Aug 2003
Posts: 41
T
Ameglian cow
Offline
Ameglian cow
T
Joined: Aug 2003
Posts: 41
Workaround:

raw 332:*: {
; Channel topic
echo 3 -ti2 $2 * Topic: ' $+ $3- $+ '
halt
}

Adjust to your needs.

#131745 08/10/05 09:17 AM
Joined: Apr 2004
Posts: 868
Sat Offline
Hoopy frood
Offline
Hoopy frood
Joined: Apr 2004
Posts: 868
Please refrain from posting workarounds to security issues that you haven't understood. You may give people a false sense of security.

A real workaround is to turn off autojoin-on-invite, by typing: /ajinvite off


Saturn, QuakeNet staff

Link Copied to Clipboard