[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security patch for botnow

[Thread Prev] | [Thread Next]

Subject: Security patch for botnow
From: jrmu <jrmu@xxxxxxxxxx>
Date: Thu, 26 Aug 2021 12:45:42 +0800
To: codeforce@xxxxxxxxxx

Hi,

In the last few weeks, a cracker by the nick yellowpepper / moro on dalnet has
been registering admin accounts using botnow. He took advantage of a bug that
failed to perform proper validation when registering.

bountyht, can you please apply this patch to the botnow repo?

--- BNC.pm      Tue Jul 20 08:42:37 2021
+++ BNC.pm.new  Wed Aug 25 23:43:20 2021
@@ -211,6 +211,7 @@
                foreach my $user (@users) {
                        if ($user eq $username) {
                                main::putserv($bot, "PRIVMSG $nick :Sorry, username taken. Please contact staff if you need help.");
+                               return;
                        }
                }
                #my $captcha = join'', map +(0..9,'a'..'z','A'..'Z')[rand(10+26*2)], 1..4;

I have already applied this to every team's botnow.

jrmu
IRCNow

Attachment: signature.asc
Description: PGP signature