[9243] in bugtraq
Re: Mirc 5.5 'DCC Server' hole
daemon@ATHENA.MIT.EDU (Sandro Jurado)
Wed Jan 27 11:10:37 1999
Date: Tue, 26 Jan 1999 11:40:49 -0500
Reply-To: Sandro Jurado <devil@BETA.COSAPIDATA.COM.PE>
From: Sandro Jurado <devil@BETA.COSAPIDATA.COM.PE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.05.9901240838280.17684-200000@adric.genocide2600.com>
On 24 Jan 99, at 8:44, Spikeman wrote:
> while talking with typo he gave me this mIRC bug as it says in the file #
> bug description: mirc 5.5's newly introduced dcc server feature doesn't #
> filter metachars(such as . and \) from sent filenames. this script fakes
> the # sending of a harmless file and then puts malicious file in a wanted
> # destination dir on the same harddrive (autostart dir is a good choice)
>
> If you have problems with the attchmnt i have the file at
> http://spikeman.genocide2600.com/balu.pl
As I see, this will only work if you have the mIRC DCCSERVER in ON.
If not, you wont have a port 59 listening to DCCs.
