mIRC Home    About    Download    Register    News    Help

Print Thread
#179588 25/06/07 08:06 AM
Joined: Jun 2007
Posts: 5
X
XStatic Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
X
Joined: Jun 2007
Posts: 5
Yup, found a loophole. $chr(13) makes you send out a command to raw, so if you have a bot and you give everyone access to it. One person only has to do.

Quote:
!say $+(Test,$chr(13),PRIVMSG YourNick Hello, my nickname is $nick and my ip is $ip)


Hope this can be fixed ASAP

XStatic #179589 25/06/07 08:25 AM
Joined: Jun 2007
Posts: 15
W
Pikka bird
Offline
Pikka bird
W
Joined: Jun 2007
Posts: 15
This should be reported in the Bug Forum.

Also if your bug is related to chr(13) you are assuming that everyone is using the same font as you are. Therefore making this not a mirc bug in my opinion.

Also, don't give random people you don't know access to your bot.

weakness #179590 25/06/07 08:58 AM
Joined: Dec 2002
Posts: 3,138
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 3,138
XStatic: That's not a problem with mIRC, that's a problem with a poorly written !say script. A script should never evaluate identifiers passed to it by other IRC users.

weakness: It's nothing to do with his font.

XStatic #179597 25/06/07 11:23 AM
Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
The !say script must be evaluating the contents by doing something like this:

Code:
on *:text:!say *:#:{ msg # $eval($2-,2) }


Or:

Code:
on *:text:!say *:#:{ scid -r msg # $2- }


Or:

Code:
on *:text:!say *:#:{ .timer 1 1 msg # $2- }


They're all poorly written, because all 3 of those evaluate everything passed.

As for your example, using $chr(13) (or $cr) is the very least of your problems. Somebody could use $findfile() to execute mIRC commands.

mIRC isn't to blame for scripter's mistakes.


Link Copied to Clipboard