CVE-2002-0006

XChat <= 1.8.7 - Remote IRC Command Execution via CTCP PING Response


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0006. PoCs published by Marcus Meissner.

AI-analyzed exploit summary: The exploit describes a vulnerability in X-Chat where CTCP ping requests with escaped newline characters can execute additional IRC commands, potentially granting operator status or enabling social engineering attacks. The vulnerability is mitigated in versions after 1.4.3 by disabling character expansion by default.

Description

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Marcus Meissner · text · remote · linux
https://www.exploit-db.com/exploits/21210

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: X-Chat < 1.4.3
No auth needed
Prerequisites: Vulnerable X-Chat client connected to an IRC server
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7856
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-099
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-005.html
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://online.securityfocus.com/advisories/3806
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3830
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101060676210255&w=2

Scores

EPSS 0.0809
EPSS Percentile 94.1%

Details

Status published
Products (2)
xchat/xchat 1.4.2
xchat/xchat 1.4.3
Published Jun 25, 2002
Tracked Since Feb 18, 2026