dcc exploit fix for 6.03 - 21/10/03 09:11 PM
ok what i need is a slight amount of help on being able to check for the spaces in a dcc send of resume im sending the dcc to my script in a signal and it is effectivly blocking out the exploit ..... but what i am trying to do now is create a echo to my active window so here is what i need to run a check thru.
*** 3 SOMEuser!SOMEUSER@HOST.com_D3m0n_ DCC SEND "DCC EXPLOIT FILENAME" 0 0 0
***EDITED TO REMOVE OUT THE ACTUAL EXPLOIT***
the first number is the cid it come from the second part if the actual user then me and the dcc send and resume would be in $5 and the actual file name is in " " the other stuff is how it comes in but everyone should know that. what im wanting to know is whats going to be the fastest method of checking this is an exploit or not? basically thats all i need to have and i can release an exploit fix for this using 6.03. if anyone else wants to take a stab at this what im doing is ignoring all ctcps. then using a timer to check a hidden window.cid then sending a signal if it meets a set parameters. then using that i can do several things like send the ping reply version reply and time reply using ctcpreply. a bonus side effect is that the dcc is also picked up in this script. thus allowing me to reject the exploit. ive tried the exploit on a clean mirc and it infact does crash, i unloaded that signal script and my mirc crashed. so somehow by delaying it mirc doesnt even need to ignore the user it just rejects it on its own. like its using 6.12 or something. its really hard to explain but anyone that can help me out in this id appreciate. as using regex is probably the best method but its something im just terrible at.
*** 3 SOMEuser!SOMEUSER@HOST.com_D3m0n_ DCC SEND "DCC EXPLOIT FILENAME" 0 0 0
***EDITED TO REMOVE OUT THE ACTUAL EXPLOIT***
the first number is the cid it come from the second part if the actual user then me and the dcc send and resume would be in $5 and the actual file name is in " " the other stuff is how it comes in but everyone should know that. what im wanting to know is whats going to be the fastest method of checking this is an exploit or not? basically thats all i need to have and i can release an exploit fix for this using 6.03. if anyone else wants to take a stab at this what im doing is ignoring all ctcps. then using a timer to check a hidden window.cid then sending a signal if it meets a set parameters. then using that i can do several things like send the ping reply version reply and time reply using ctcpreply. a bonus side effect is that the dcc is also picked up in this script. thus allowing me to reject the exploit. ive tried the exploit on a clean mirc and it infact does crash, i unloaded that signal script and my mirc crashed. so somehow by delaying it mirc doesnt even need to ignore the user it just rejects it on its own. like its using 6.12 or something. its really hard to explain but anyone that can help me out in this id appreciate. as using regex is probably the best method but its something im just terrible at.