mIRC Homepage

Posting an Exploit, bug, or glitch, read this 1st!

Posted By: Cypris

Posting an Exploit, bug, or glitch, read this 1st! - 26/10/03 09:05 AM

I have been coming to the forums for a while now, You may
notice my post amount is not very high, this is because
99% of my questions get answers before i need to post. But
there seems to be a growing trend amongst the newer users.
But i will not limit this to them, this goes for everyone.

This trend of announcing you have for an Exploit in mIRC
and not giving ANY details, or asking Khaled himself, to
private message you for details is completely unacceptable.
Obviously, If what you found is so important then maybe
you shouldnt be announcing anything at all, and emailing
him directly, as im sure he responds to those faster, than
he does to the message boards.

Giving out details on an exploit, is not bad, as long as
a certain level of disgression is used. It is OK to give
out the details generated by windows and mIRC like the
Fatal Exception details, the reason for the crash, for
any of you Windows2000/XP users: the 'Dr. Watson' log.
You can safely give you information that describes WHY
it happend, as in was it in DCC, or scripting, things
like that. However, it is not OK to give out HOW it
happend, the means of getting mIRC to do it. With all the
REAL bugs and glitches and Exploits, Khaled is a very busy
person when you add that in with the rest of his daily
life. So take the following into consideration when posting
about a glitch, bug, or exploit:


1) The place in mirc where it occured.
2) Your System Details. (including mirc version)
3) If you can reproduce it, so do without scripts loaded.
4) Error Logs (mIRC, Windows).
5) Certain details that will tell Khaled enough about the
problem so he can know where to go to fix it in
his code.
6) Do not give out exact information on how to reproduce it.

7) If the Exploit is a major one (i.e. allows a person
to get info from your computer, gain access, or
launch commands) Then email Khaled and give hin
the exact method of reproducing it.

AND REMEMBER: Search the forums for your what you
have found, chances are someone already found it.
Posted By: Ch40sC0d3

Re: Posting an Exploit, bug, or glitch, read this 1st! - 26/10/03 06:58 PM

well maybe next time ill just post my reply on bugtraq and be done with it.
Posted By: Ch40sC0d3

Re: Posting an Exploit, bug, or glitch, read this 1st! - 26/10/03 07:01 PM

btw there was a fix posted on bugtraq that was along with my post

add this to remote and it will tell you and stop anyone trying to use the exploit

ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { echo 4 -s [ $nick is trying to exploit with u sending $nopath($filename) ] | halt
Posted By: MTec89

Re: Posting an Exploit, bug, or glitch, read this - 26/10/03 07:40 PM

or dont accept the dcc with the long file name.. *Gasp!*
Posted By: cold

Re: Posting an Exploit, bug, or glitch, read this - 26/10/03 07:48 PM

This is wrong code. $filename isn't from the ctcp event scope..
Posted By: Ch40sC0d3

Re: Posting an Exploit, bug, or glitch, read this - 26/10/03 11:19 PM

works just fine for me , its a direct copy from my remote, tested 50 times.
Posted By: cold

Re: Posting an Exploit, bug, or glitch, read this - 26/10/03 11:23 PM

Hrm maybe $filename is "global" like $ifmatch then.
Posted By: Ch40sC0d3

Re: Posting an Exploit, bug, or glitch, read this - 27/10/03 01:52 AM

one problem MTec89, I was able to make the file send look legit. it looks like it sending a normal file. if accepted and minimized your gonna have to close mirc. even if you disconnect and click on the dcc send with right click it crashes still. My hope is that no shell code will be used with this exploit as the current worm spreading is bad enuff. virus's suck :tongue:
© 2020 mIRC Discussion Forums