mIRC Homepage
Posted By: sintryx Is this a bug? //echo $($decode(JGZ - 15/10/04 05:30 PM
//echo $($decode(JGZ-edit))

In status window: #ý Cannot send to channel
Seems like it reads the perform.ini and sends it to that channel.
Posted By: Mentality Re: Is this a bug? //echo $($decode(JGZ - 15/10/04 05:38 PM
Not a bug really, $decode can be abused to do all sorts of things and decode into commands. In your example, it probably intended to read perform.ini because a lot of people have their passwords stored in perform.ini to identify on connect and perhaps other confidential stuff too.
The person who made it was a bit stupid though (shock horror), it was probably intended for a specific network where that channel was -n and therefore DID accept channel messages from outside the channel.

It is NOT a good idea to write what others tell you to type, particularly if it has $decode in it, you can bet your bottom dollar it's bad - incase you're wondering, it does have its uses and is not always abused, hence why it's kept in mIRC.

It's important to stay safe on IRC, your nickname/username password is not the only thing that can be lost by careless mistakes, you could end up infecting your computer and lose all kinds of information/documents. You might want to look at this document if you're not 'IRC savvy'.

Regards,
No it isn't a bug. Telling other people to type /some_command $decode(encoded_text) is a common method used to exploit people on IRC. Just one of many reasons why you should never type in commands that someone tells you to on IRC.
Posted By: wiebe Re: Is this a bug? //echo $($decode(JGZ - 15/10/04 07:18 PM
note the $() around it, that is actually the same as $eval(). so when you try to echo it, the code contained in the encrypted string is executed. lesson: dont blindy try to echo every $decode string you see.
© mIRC Discussion Forums