source: http://www.securityfocus.com/bid/1601/info A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC client. By supplying commands enclosed in backticks (``) in URL's sent to X-Chat, it is possible to execute arbitrary commands should the X-Chat user decide to view the link by clicking on it. This is due to the manner in which X-Chat launches pages for viewing. X-Chat launches Netscape without checking for shell metacharacters in the supplied URL. This allows for an attacker to exploit shell expansion capabilities to execute commands as the user running Netscape. http://www.altavista.com/?x=`date`y='`date`'
Related ExploitsTrying to match CVEs (1): CVE-2000-0787
Trying to match OSVDBs (1): 1524
Other Possible E-DB Search Terms: X-Chat 1.2/1.3/1.4/1.5, X-Chat
|2002-01-09||21210||X-Chat 1.x - CTCP Ping Arbitrary Remote IRC Command Execution||Marcus Meissner|
|2003-12-15||23438||X-Chat 2.0.6 - Remote Denial of Service||Stefan Hecker|
|2011-05-24||35791||Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting||High-Tech Bridge SA|