Quassel IRC client command injection
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Quassel IRC client command injection
Published:
30.10.2008
Source:
BUGTRAQ
SecurityVulns ID:
9395
Type:
client
Level:
5
/10
Description:
A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will let the Quassel core reply with a message containing an unquoted newline ('\n'). The IRC server interprets this as a command separator.
Affected:
QUASSELIRC
:
Quassel IRC 0.3
Original document
Wouter Coekaerts
,
Quassel IRC: connection hijacking
(
30.10.2008
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
