supybot !web title leaks LAN HTTP servers to the channel
Bug #234629 reported by
Ralph Corderoy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
supybot (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: supybot
Ubuntu 8.04, supybot 0.83.3-1.
If supybot is running on a LAN and connecting to a public IRC server on the Internet, probably the normal state of affairs, normal unpriviledged users of the bot can do things like !web title http://
Changed in supybot: | |
status: | New → Confirmed |
To post a comment you must log in.
you can add a non-snarfing regex to the title snarfer in supybot, although not ideal, it offers a level of protection for a user. That plugin is in some ways dangerous by default as it automatically connects to any arbitary url that appears in a chan.