Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-02-23 08:50:43 +01:00
Code Issues Projects Releases Wiki Activity

IRC/Supybot: mention !web fetch

Browse Source
This commit is contained in:
Mikaela Suomalainen 2012-10-31 20:04:22 +02:00
parent bdf430497e
commit ddbc41a0e3
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
IRC/Supybot.html
View File

@ -32,8 +32,12 @@ Security issues of Supybot
<p>What does this mean? Anyone can tell the bot to ghost someone else on same account, take over a channel by telling the bot to give flags (if it has correct flags), change password of the account and everything else what you do with network services.</p>
<h2 id="web-page-with-special-characters-in-title-can-be-used-to-send-dccctcp-commands.">4. Web page with special characters in title can be used to send DCC/CTCP commands.</h2>
<p>This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make them reconnect to the internet.</p>
<p>Usage:</p>
<pre><code>!web title &lt;malicious.page.here&gt;
!web fetch &lt;malicious.page.here&gt;</code></pre>
<p>Note that web fetch is disabled by default.</p>
<p>This is currently* fixed only in Limnoria's testing version.</p>
<p>*See the changelog link at bottom. Currently means 17:43 (UTC) on 2012-10-31.</p>
<p>*See the changelog link at bottom. Currently means 18:04 (UTC) on 2012-10-31.</p>
<h1 id="are-these-issues-publicly-known">Are these issues publicly known?</h1>
<p><STRONG>Of course they are.</strong> They have been reported to</p>
<ol class="incremental" style="list-style-type: decimal">

11
IRC/Supybot.html.md
View File

@ -63,9 +63,18 @@ What does this mean? Anyone can tell the bot to ghost someone else on same accou
This doesn't mean only things like CTCP actions (also known as /me), but known problems with old routers ( FF ? DCC SEND “ff???f??????????????” 0 0 0 ) which make
them reconnect to the internet.
Usage:
```
!web title <malicious.page.here>
!web fetch <malicious.page.here>
```
Note that web fetch is disabled by default.
This is currently* fixed only in Limnoria's testing version.
*See the changelog link at bottom. Currently means 17:43 (UTC) on 2012-10-31.
*See the changelog link at bottom. Currently means 18:04 (UTC) on 2012-10-31.
# Are these issues publicly known?