2014-03-12 17:18:22 |
wolfy1339 |
description |
1. Supybot hasn't received any updates since 2005
2. There are many security issues with it:
a.Anyone can crash it and computer where it's running on, just run the command "!misc last --regexp m/(.*\w){512}/"
Where "!" is the command char.
b. Another way to crash it and computer where it's running on, just run the command "!math calc factorial(999999)"
Where "!" is the command char.
c.Anyone can access network services via the bot. I don't have example command for this, but it happens by nesting "format cut" and "misc tell".
d.Web page with special characters in title can be used to send DCC/CTCP commands. This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make them reconnect to the internet.
Usage:
!web title <malicious.page.here>
!web fetch <malicious.page.here>
NOTICE: WEB FETCH IS DISABLED BY DEFAULT
3. Choose one of it's forks like Limnoria |
1. Supybot hasn't received any updates since 2005
2. There are many security issues with it:
a.Anyone can crash it and computer where it's running on, just run the command "!misc last --regexp m/(.*\w){512}/"
Where "!" is the command char.
b. Another way to crash it and computer where it's running on, just run the command "!math calc factorial(999999)"
Where "!" is the command char.
c.Anyone can access network services via the bot. I don't have example command for this, but it happens by nesting "format cut" and "misc tell".
d.Web page with special characters in title can be used to send DCC/CTCP commands. This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make them reconnect to the internet.
Usage:
!web title <malicious.page.here>
!web fetch <malicious.page.here>
NOTICE: WEB FETCH IS DISABLED BY DEFAULT
3. Choose one of it's forks like Limnoria instead of Supybot. |
|
2014-03-12 17:20:13 |
wolfy1339 |
description |
1. Supybot hasn't received any updates since 2005
2. There are many security issues with it:
a.Anyone can crash it and computer where it's running on, just run the command "!misc last --regexp m/(.*\w){512}/"
Where "!" is the command char.
b. Another way to crash it and computer where it's running on, just run the command "!math calc factorial(999999)"
Where "!" is the command char.
c.Anyone can access network services via the bot. I don't have example command for this, but it happens by nesting "format cut" and "misc tell".
d.Web page with special characters in title can be used to send DCC/CTCP commands. This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make them reconnect to the internet.
Usage:
!web title <malicious.page.here>
!web fetch <malicious.page.here>
NOTICE: WEB FETCH IS DISABLED BY DEFAULT
3. Choose one of it's forks like Limnoria instead of Supybot. |
1. Supybot hasn't received any updates since 2005
2. There are many security issues with it:
a.Anyone can crash it and computer where it's running on, just run the command "!misc last --regexp m/(.*\w){512}/"
Where "!" is the command char.
b. Another way to crash it and computer where it's running on, just run the command "!math calc factorial(999999)"
Where "!" is the command char.
c. Anyone can access network services via the bot. I don't have example command for this, but it happens by nesting "format cut" and "misc tell".
d.Web page with special characters in title can be used to send DCC/CTCP commands. This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make them reconnect to the internet.
Usage:
!web title <malicious.page.here>
!web fetch <malicious.page.here>
NOTICE: WEB FETCH IS DISABLED BY DEFAULT
3. Choose one of it's forks like Limnoria instead of Supybot. |
|