mIRC Home    About    Download    Register    News    Help

Print Thread
Posting an Exploit, bug, or glitch, read this 1st! #57588 26/10/03 09:05 AM
Joined: Dec 2002
Posts: 43
C
Cypris Offline OP
Ameglian cow
OP Offline
Ameglian cow
C
Joined: Dec 2002
Posts: 43
I have been coming to the forums for a while now, You may
notice my post amount is not very high, this is because
99% of my questions get answers before i need to post. But
there seems to be a growing trend amongst the newer users.
But i will not limit this to them, this goes for everyone.

This trend of announcing you have for an Exploit in mIRC
and not giving ANY details, or asking Khaled himself, to
private message you for details is completely unacceptable.
Obviously, If what you found is so important then maybe
you shouldnt be announcing anything at all, and emailing
him directly, as im sure he responds to those faster, than
he does to the message boards.

Giving out details on an exploit, is not bad, as long as
a certain level of disgression is used. It is OK to give
out the details generated by windows and mIRC like the
Fatal Exception details, the reason for the crash, for
any of you Windows2000/XP users: the 'Dr. Watson' log.
You can safely give you information that describes WHY
it happend, as in was it in DCC, or scripting, things
like that. However, it is not OK to give out HOW it
happend, the means of getting mIRC to do it. With all the
REAL bugs and glitches and Exploits, Khaled is a very busy
person when you add that in with the rest of his daily
life. So take the following into consideration when posting
about a glitch, bug, or exploit:


1) The place in mirc where it occured.
2) Your System Details. (including mirc version)
3) If you can reproduce it, so do without scripts loaded.
4) Error Logs (mIRC, Windows).
5) Certain details that will tell Khaled enough about the
problem so he can know where to go to fix it in
his code.
6) Do not give out exact information on how to reproduce it.

7) If the Exploit is a major one (i.e. allows a person
to get info from your computer, gain access, or
launch commands) Then email Khaled and give hin
the exact method of reproducing it.

AND REMEMBER: Search the forums for your what you
have found, chances are someone already found it.


-Cypris
Re: Posting an Exploit, bug, or glitch, read this 1st! #57589 26/10/03 06:58 PM
Joined: Oct 2003
Posts: 6
C
Ch40sC0d3 Offline
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
C
Joined: Oct 2003
Posts: 6
well maybe next time ill just post my reply on bugtraq and be done with it.

Re: Posting an Exploit, bug, or glitch, read this 1st! #57590 26/10/03 07:01 PM
Joined: Oct 2003
Posts: 6
C
Ch40sC0d3 Offline
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
C
Joined: Oct 2003
Posts: 6
btw there was a fix posted on bugtraq that was along with my post

add this to remote and it will tell you and stop anyone trying to use the exploit

ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { echo 4 -s [ $nick is trying to exploit with u sending $nopath($filename) ] | halt

Re: Posting an Exploit, bug, or glitch, read this #57591 26/10/03 07:40 PM
Joined: Jul 2003
Posts: 742
MTec89 Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jul 2003
Posts: 742
or dont accept the dcc with the long file name.. *Gasp!*


http://MTec89Net.com
irc.freenode.net #MTec89Net
Re: Posting an Exploit, bug, or glitch, read this #57592 26/10/03 07:48 PM
Joined: Feb 2003
Posts: 810
C
cold Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Feb 2003
Posts: 810
This is wrong code. $filename isn't from the ctcp event scope..


* cold edits his posts 24/7
Re: Posting an Exploit, bug, or glitch, read this #57593 26/10/03 11:19 PM
Joined: Oct 2003
Posts: 6
C
Ch40sC0d3 Offline
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
C
Joined: Oct 2003
Posts: 6
works just fine for me , its a direct copy from my remote, tested 50 times.

Re: Posting an Exploit, bug, or glitch, read this #57594 26/10/03 11:23 PM
Joined: Feb 2003
Posts: 810
C
cold Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Feb 2003
Posts: 810
Hrm maybe $filename is "global" like $ifmatch then.


* cold edits his posts 24/7
Re: Posting an Exploit, bug, or glitch, read this #57595 27/10/03 01:52 AM
Joined: Oct 2003
Posts: 6
C
Ch40sC0d3 Offline
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
C
Joined: Oct 2003
Posts: 6
one problem MTec89, I was able to make the file send look legit. it looks like it sending a normal file. if accepted and minimized your gonna have to close mirc. even if you disconnect and click on the dcc send with right click it crashes still. My hope is that no shell code will be used with this exploit as the current worm spreading is bad enuff. virus's suck :tongue: