;alert('bug');lt;scriptgt;lt;any
tag= etc.gt;
The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
by Lethal Lab (Lethalman)
to SEGFAULT because it don't find that nick
(eg. hub.server.net).
In fact, if you say: '/msg operserv raw : privmsg #chan
bye' the nick is hub.server.net and not OperServ.
Solutions?
Filter operserv.c in function do_raw or filter ircd
function m_join in s_user.c
Lethal Lab Member (Lethalman)
The block-Forums.php file have a vuln if an attacker
insert a malformatted subject to a topic of Splatt
Forum. A type of subject is:
lt;scriptgt;alert('bug');lt;/scriptgt;
The 'alt' tag is closed by and the other text is
normal html. This bug is very bad if a subject is:
