mIRC Home    About    Download    Register    News    Help

Print Thread
#267745 15/09/20 06:04 PM
Joined: Sep 2003
Posts: 35
O
Ook Offline OP
Ameglian cow
OP Offline
Ameglian cow
O
Joined: Sep 2003
Posts: 35
On mIRC v6.35 open options->other->lock & you will see a "disabled commands" list, do the same thing on any mIRC since 7.52 (the oldest v7+ mIRC i have) & the list is missing.

This on windows 7 x64 with a clean mIRC install.

Joined: Dec 2002
Posts: 5,412
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,412
This option was removed long ago because it was no longer useful and gave a false sense of security. It originally allowed users to disable a small set of scripting features from being used, however the scripting language had evolved to the point where, realistically, many commands, identifiers, etc. would need to be added to such a list and a user would need to micro-manage a large list of commands and identifiers to allow even simple scripts to work. Instead, from v7.44 onwards, a warning is given to users when they run a script or try to use a command.

Joined: Jan 2004
Posts: 2,127
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 2,127
Have a look at https://en.wikichip.org/wiki/mirc/msl_injection for some examples of things to watch out for in scripts. Some of these issues are caused simply by people writing their own scripts in a careless manner, but these things can be found in publicly available scripts that people innocently don't know have these types of problems. While the scripts work perfectly fine when used as intended, you must be careful about how you use timers, specifically in how you use text not created by you. As you can see from these examples, even $calc could be used against you in a limited context.

You can create aliases to defend against some of the built-in /commands, but not against $identifiers. However, the ! prefix would make even this defense pointless. For example, "run" was one of the commands on the old list being blocked. You could make this alias which would intercept a script trying to use "run something", and would block it unless it did "run password something". However, if they used "!run something" it would execute the built-in identifier without checking for the existence of this alias, in the same way this alias evades another alias created to alter the format of the /echo command.

run {
!if ($1 != password) { !echo -a halt: attempt to use /run command without password! | !halt }
!run $2-
}

Some of the other things on the old "block" list were identifiers, which you can't intercept using an alias. You create an "alias decode" to intercept "/decode parameters", but it can't intercept "$decode(parameters)".


Link Copied to Clipboard