egghelp/eggheads community

security BUG report for LolToolz6.2

2001-12-13T09:23:00-04:00

Thank you ppslim, this function is working fine now :]

// Don't Be Lazy, redownload this script now, don't forget to change pub prefix and other settings, cos everything is changed to default : ] //

Goodluck

Statistics: Posted by Guest — Thu Dec 13, 2001 9:23 am

security BUG report for LolToolz6.2

2001-12-13T09:08:00-04:00

little corecttion :
http://www.ppslim.ukshells.co.uk/netbots/lol.tcl

GL

Statistics: Posted by Guest — Thu Dec 13, 2001 9:08 am

security BUG report for LolToolz6.2

2001-12-12T23:53:00-04:00

I have posted a bug fixed version to http://www.ppslim.ukshells.co.uk/netbots/lo.tcl

It looks like this script is no longer in production, so I will package it up, and send it on to slennox for inclusion in the archive.

If there are any others, that find security bugs in scripts from the archive, please report them (it's like you to give me all you money, but what the hell) here. I will try my best (as will the tohers), to make bug fixes, and get them included in the Tcl archive.

Statistics: Posted by ppslim — Wed Dec 12, 2001 11:53 pm

security BUG report for LolToolz6.2

2001-12-12T14:36:00-04:00

the bug was found in chattr function, it allow users who has a flag +o ( global or on channel, it doesn't matter ), to become a bot master or a owner very easilly. I strongly recommend you to change these rows :

bind pub o|o [string trim $lol(cmdchar)]chattr pub_lol_chattr

bind msg o|o chattr msg_lol_chattr

to :

bind pub n|n [string trim $lol(cmdchar)]chattr pub_lol_chattr

bind msg n|n chattr msg_lol_chattr

so this function now can use only user who has the +n flag. If someone wants to rewrite this function i can say how this bug is working.

I think this is the first post about this bug here.. Thank for your attention

Keep looking ...

Statistics: Posted by Guest — Wed Dec 12, 2001 2:36 pm