|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: XChat URL Handler bug affects v1.3.9 up
From: zenith parsec (zenith_parsec
THE-ASTRONAUT.COM)Date: Fri Aug 18 2000 - 13:41:35 CDT
- Next message: Alan DeKok: "Re: swc / ActivCard"
- Previous message: Vasilios Katos: "Re: swc / ActivCard"
- Next in thread: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Reply: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
in my previous post i mentioned that all versions of XChat < 1.4.2 were
potentially vulnerable to commands embedded in URLs by backticking.
after some more research and looking at stuff on the net,
(http://www.xchat.org/changelog.txt)
it seems that this bug will only affect XChat versions
1.3.9 and above, up to and including 1.4.2 (the devel
series may also be vulnerable, as there is no mention on the changelog page of this bug.)
(release 1.3.9 was the first to have editable URL handlers, which seem to be the cause.)
(version 1.2.1 of xchat does not appear to be vulnerable.)
----+--
| zen +###########
+ ! %| #id -u
------- 0
Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
- Next message: Alan DeKok: "Re: swc / ActivCard"
- Previous message: Vasilios Katos: "Re: swc / ActivCard"
- Next in thread: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Reply: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]