mIRC Homepage
Posted By: sn1p0r1 cross network message - 29/04/08 02:07 PM
IM looking for a script than can take requests from room 1 on network 1 and send them to room 1 on network 2. Example:

Radio-Listener says: !r artist - title in #radio

Network two(DJ ROOM) sees: Radio Listener requests artist - title from Network 1

reason it must say which network is so we can expand to 3 networks eventually.
Posted By: 5618 Re: cross network message - 29/04/08 03:36 PM
See /help /scid and /help $scid and /help $cid
Posted By: genius_at_work Re: cross network message - 30/04/08 01:08 AM
Note that there are 'dangers' associated with the /scid and /scon commands (including the possibility of damaging your computer). Search this forum for those commands to read about the dangers.

-genius_at_work
Posted By: Lpfix5 Re: cross network message - 30/04/08 02:33 AM
If they in theory so dangerous why aren't releases of mIRC been corrected with a more secure version method?

I never had issues running bots with server to server communications even on the wildest networks like dalnet back in the day and efnet
Posted By: genius_at_work Re: cross network message - 30/04/08 03:39 AM
If you use the /scon or /scid commands in certain ways, and don't manage the incoming text properly, users could make your mIRC perform any command, including running the DOS format command to format your c: drive. It is up to the user to prevent these things from happening.

Here is a sample that would be used to have a bot msg a channel on another network:


UNSAFE:

/scon 2 msg #chan $1-

---------------

SAFE:

/scon 2
/msg #chan $1-
/scon -r



-genius_at_work
Posted By: RoCk Re: cross network message - 30/04/08 03:48 AM

They could still slip an identifier in there that way. I would alter the incoming text before relaying it...

/scon 2
/msg #chan $replace($1-,$,$,%,%,|,|)
/scon -r

This would make an identifier harmless and still be displayed. Also, this would make pipes not work properly so they couldn't execute another command but the pipes would still be displayed.
Posted By: starbucks_mafia Re: cross network message - 30/04/08 04:03 AM
No there's no way to slip an identifier or anything else in with the second method genius_at_work demonstrated. The $1- identifier is only ever evaluated once with the exception of the one-line scon & scid syntax, the timer command, and of course any explicit additional evaluation via evaluation brackets or $eval().
Posted By: Lpfix5 Re: cross network message - 30/04/08 04:43 PM
Oh ok, in a earlier post I posted scon 2 /msg #channel blah from this guy he double posted a subject in a different way.

Now I see the hole, thanks guys

Would something like this be flawwed?

on *:TEXT:!r*:#radio:{
if ($network == Yournetwork) { scon 2 /msg #secondserverchannel $nick requests $$2- from $v1 }
}

could it potentially be lined break and start of another command or is it safe in theory?
Posted By: qwerty Re: cross network message - 30/04/08 05:05 PM
Of course it is dangerous, that was the exact point made by genius_at_work and others. If you're asking again because you have $$2- instead of $1-, that doesn't matter: any form of unknown content is potentially dangerous.
Posted By: Lpfix5 Re: cross network message - 30/04/08 05:16 PM
i c ic

ok then
Posted By: Ninko Re: cross network message - 02/05/08 12:58 AM
Hi there,
After reading this you've concerned me aliitle. Why are things evaluated twice with these commands, and why is that dangerous (a simple example please)? Also is this a problem with any other command?

Sorry to be so thick, but I'm still newish to this.

Thanks


Ninko
Posted By: Jyang Re: cross network message - 02/05/08 01:32 AM
/scon and /scid are the only commands that re-evaluates the text. Correct me if I'm wrong. Edit: /timer is another one

For example:
Code:
on *:text:*:?: scon 2 msg #Channel $1-

The script will display all private messages to #Channel on the second server.

If I PM the nick with "Hi", then it'll message #channel with Hi.
But, if I pm the nick with "$ip", then because of /scon re-evaluating the messages, it will message #Channel with your ip, basically the same as: "msg #Channel $eval($1-)"
Posted By: Ninko Re: cross network message - 02/05/08 01:43 AM
Why would $ip not evaluate to your ip address the first time, why will it only do it on the second?

Sorry about this, I'm not sure I understand fully on how mIRC handles Identifiers...


Ninko
Posted By: RoCk Re: cross network message - 02/05/08 01:59 AM

Originally Posted By: Ninko

and why is that dangerous (a simple example please)?



Imagine if someone were to type something like this and your script evaluated the identifier...

<User> Hello there how are you? $findfile(C:\,*,0,.timer -io 1 0 .remove $1-)

It would not be a pleasant experience.

~ Edit ~
Please don't test this as-is, put an echo in there if you do.
Posted By: Riamus2 Re: cross network message - 02/05/08 02:01 AM
What happens is that the first evaluation is on $1-, not on the contents of $1-. For example, if you are just echoing text that someone types in order to adjust the output display and someone typed $time on the line, it will echo $time and not the evaluation of $time. That's because you are evaluating $1- and not the contents of it.

Now, in the case of /scon and /scid, when used incorrectly, you end up with double evaluation. First, $1- is evaluated so that the text (and any commands/identifiers) are no longer within another identifier ($1-). Then, a second evaluation happens. Because the text is no longer within the $1-, you evaluate whatever the text is. This means you'd evaluate things like $ip or $time.
Posted By: Ninko Re: cross network message - 02/05/08 02:12 AM
Ohhhh right, I'm with ya Riamus2!
Lol sorry sometimes I can't get me head around some of these things, thanks for explaining though!


Ninko
Posted By: MeStinkBAD Re: cross network message - 04/05/08 03:16 AM
Stop it! /SCON or /SCID are not dangerous! Stop making people paranoid! Here for example this is one of my commands...

;*** /BROADCAST <COMMANDS>
alias BROADCAST { /scon -at1 $1- }

It does EXACTLY what it's supposed to. Send a command to every active server connection.

I know what it does cuz I wrote it!
Posted By: starbucks_mafia Re: cross network message - 04/05/08 04:17 AM
It's nothing to do with paranoia, it's a very real issue that many people lack awareness of. Including yourself it seems. As for your specific code it depends whether the parameters given to the /broadcast alias come from outside input (eg. incoming events, raws, websites, etc.). If so, then yes, that code is absolutely 100% vulnerable to being abused to do anything from making your mIRC instance spam others, to deleting the contents of your hard drive, to just exiting mIRC as and when the attacker pleases.

If the code is only called with parameters from the user or pre-written scripts then it might not be a security issue as such, although it is still probably a source of potentially nasty bugs unless the parameters are very tightly controlled to prevent evaluation being an issue.
Posted By: hixxy Re: cross network message - 04/05/08 11:59 AM
/flash too.

Code:
//showmirc -n | flash $!time


This was the cause of a vulnerability in a popular script, PnP, because it had a flash $1- command somewhere.
Posted By: hixxy Re: cross network message - 04/05/08 12:04 PM
Correction: they're not dangerous if you know how to use them.

Most people would expect to be able to safely pass the contents of $1- to any command without the contents being evaluated an extra time, because that's how most commands in mIRC work.

It only takes a very simple example to demonstrate the security risks associated with these commands when not used correctly.

Code:
//scid -r echo $!time


vs.

Code:
//echo $!time


If you pass anything that contains unknown parameters ($1- in an on text event for example) to /scid, /scon, /timer or /flash, then you're in for a world of trouble.

It's also very irresponsible to try and play down security risks unless you have a complete understanding yourself.
© mIRC Discussion Forums