Bugtraq mailing list archives

Re: Vulnerability in multiple "now playing" scripts for various IRC clients

From: Michael Tharp <gxti () partiallystapled com>
Date: Wed, 15 Aug 2007 13:34:38 -0400

v9 () fakehalo us wrote:

I may be rusty with knowledge about mirc (say almost 10 years out of date)...but, in what situation would the pipe 
('|') ever be processed from a variable, even if it was read from a mp3 ID3?


This is probably a bigger concern for *nix scripts, especially of the
homebrew variety where the owner hacks something out in 20 minutes and
never looks at it again. While the attacker might not have access to the
source code, they shouldn't have any problems defeating simple
substitution onto a command line.

  -- m. tharp

Current thread:

Vulnerability in multiple "now playing" scripts for various IRC clients Wouter Coekaerts (Aug 13)
- <Possible follow-ups>
- Re: Vulnerability in multiple "now playing" scripts for various IRC clients v9 (Aug 15)
  - Re: Vulnerability in multiple "now playing" scripts for various IRC clients Michael Tharp (Aug 15)
  - Re: Vulnerability in multiple "now playing" scripts for various IRC clients Wouter Coekaerts (Aug 16)