• English
  • עברית עברית
  • Français Français
  • Nederlands Nederlands
  • Suomi Suomi
  • Deutsch Deutsch
  • Svenska Svenska

Latest News

New partner: HostSailor

New partner and server from HostSailor The amazing people at HostSailor.com have joined QuakeNet as partners and sponsored a new server hosted in Bucharest, Romania. You can access the server using the hostname hostsailor.ro.quakenet.org and the server will be part ...

Read the rest 0 comments

ESA Summer Online 2020

ESA Summer Online ESA Summer Online 2020 will be running in the place of ESA Summer, with ESA Summer postponed to October. ESA is a week-long event, with the primary goal of raising money for a charity. ESA Summer Online ...

Read the rest 0 comments

ESA Corona Relief

ESA Corona Relief ESA Corona Relief is a weekend online marathon that will feature speedrunners and score-attackers from all around the world. ESA Together will be ran in aid of the Save the Children Coronavirus Emergency Appeal. ESACR will run ...

Read the rest 0 comments

Q chanlev vulnerability -

Posted by cro on Thursday 07 February 2002

A flaw has been discovered in the chanlev command of Q, the channel service bot. It revolves around the way chanlev parses the command passed to it. What this means is that it is possible to grant someone owner status (+n) in your channel without actually realising it.

The flaw happens when you type a word containing 'n' as part of the chanlev command. For example:

chanlev #channel #nick +ano will grant the user #nick owner status, as you have specifically granted this flag.
chanlev #channel #nick +ao/n will also grant the person owner status.

We have seen a number of users who have been tricked into typing **chanlev

channel #nick +av/only!** - which grants the owner (+n) flag. We consider

this to be an exploit of Q and any user who tricks a channel owner into using this command to steal the channel owner flag will be dealt with appropriately.

Please log in to post comments.
There aren't any comments for this news post.