• English
  • עברית עברית
  • Français Français
  • Nederlands Nederlands
  • Suomi Suomi
  • Deutsch Deutsch
  • Svenska Svenska

Latest News

ESA Corona Relief

ESA Corona Relief ESA Corona Relief is a weekend online marathon that will feature speedrunners and score-attackers from all around the world. ESA Together will be ran in aid of the Save the Children Coronavirus Emergency Appeal. ESACR will run ...

Read the rest 0 comments

Corona Relief Done Quick

Corona Relief Done Quick GDQ will be holding an online marathon; Corona Relief Done Quick. One hundred percent of all CRDQ donations will go directly to Direct Relief, a humanitarian aid organization with a mission to improve the health and ...

Read the rest 0 comments

ESA Together

ESA Together ESA Together is a week-long online marathon that will feature speedrunners and score-attackers from all around the world. We invite everybody, be it ESA regulars or first-timers, to throw their hats into the ring and submit their best ...

Read the rest 0 comments

Q chanlev vulnerability -

Posted by cro on Thursday 07 February 2002

A flaw has been discovered in the chanlev command of Q, the channel service bot. It revolves around the way chanlev parses the command passed to it. What this means is that it is possible to grant someone owner status (+n) in your channel without actually realising it.

The flaw happens when you type a word containing 'n' as part of the chanlev command. For example:

chanlev #channel #nick +ano will grant the user #nick owner status, as you have specifically granted this flag.
chanlev #channel #nick +ao/n will also grant the person owner status.

We have seen a number of users who have been tricked into typing **chanlev

channel #nick +av/only!** - which grants the owner (+n) flag. We consider

this to be an exploit of Q and any user who tricks a channel owner into using this command to steal the channel owner flag will be dealt with appropriately.

Please log in to post comments.
There aren't any comments for this news post.