Be wary of user input! - How to fail at using Popen


Shortly afterwards, @pry0cc found out that if you change your nickname to a command such as echo, then type in this: “@topic 882;something”, the command would be executed with “something” as an argument. The problem lay in the way the bot interfaced with Discourse, by executing a shell command to run a ruby script.

7 Likes
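The failure mode described in the first post, as an added example that is not the bot's own code (the bot's source is not on the page): the vulnerable pattern hands one string to a shell, where ";" ends the intended command, while the hardened form passes an argv list with no shell, so user text stays a single literal argument. The script path, the nickname allowlist and the sample values are assumptions.

```python
import json
import re
import subprocess
import sys

# Constructed sample values in the shape the thread describes: a nickname
# set to a command name and a topic argument carrying a shell metacharacter.
NICK = "echo"
TOPIC = "882;something"


def shell_string(nick: str, topic: str) -> str:
    """What the bot effectively did: one string for the shell.
    Run with shell=True, ';' terminates the intended command and whatever
    follows is parsed as a new command, not as an argument."""
    return f"ruby bot_cmd.rb {nick} {topic}"  # bot_cmd.rb is a placeholder


def argv(nick: str, topic: str) -> list:
    """Hardened form: an argv list, executed without a shell (the default).
    Every user-supplied value becomes exactly one argument; ';' and '>' are
    ordinary characters the child program receives verbatim."""
    child = "import json, sys; print(json.dumps(sys.argv[1:]))"
    # sys.executable stands in for the ruby interpreter so this runs anywhere.
    return [sys.executable, "-c", child, nick, topic]


def run_literal(nick: str, topic: str) -> list:
    """Run the argv form and return the arguments the child actually saw."""
    proc = subprocess.run(argv(nick, topic), capture_output=True,
                          text=True, check=True)
    return json.loads(proc.stdout)


def valid_nick(nick: str) -> bool:
    """Allowlist check (assumed policy): accept only the characters a
    nickname needs, rather than blocklisting the metacharacters found so
    far. Reject first, then still never pass the value through a shell."""
    return re.fullmatch(r"[A-Za-z0-9_-]{1,32}", nick) is not None


if __name__ == "__main__":
    print("shell string:", shell_string(NICK, TOPIC))
    print("child argv  :", run_literal(NICK, TOPIC))
    print("nick ok?    :", valid_nick(NICK), valid_nick("a;b"))
```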

I can personally attest to the fallacies of popen. I just had to blacklist more than a dozen characters so that my system wouldn’t explode. AFAIK, I was only vulnerable to single-word commands, like ls.

3 Likes

We pwned your bot xD

1 Like

Do you mind including the code, and how the exploit worked? I’ll do a detailed write-up tomorrow.

My code, @pry0cc?

20 characters at least.

Look what I found in a file called test:

Looking up Google.com
Location: Mountain View, CA, United States
Weather right now: 

     \   /     Sunny
      .-.      75 – 77 °F
   ― (   ) ―   ↘ 10 mph
      `-’      9 mi
     /   \     0.0 in

@Joe_Schmoe, it seems it worked.

1 Like

It’s probably a leftover from when you didn’t have “>” blacklisted and I did “@iplookup google.com>>test”

1 Like

Yeah the C code for your bot.

grab it while it’s hot

3 Likes

I am on IRC, nothing happens.

I leave for a few hours, then this shit happens…

fml

-Phoenix750

3 Likes

I feel ya mate :cry:

I’m considering making an alert bot that links with my phone via Pushbullet so that people can get hold of me, sort of an IRC pager. Would you wanna be on the bot?

1 Like

You should tell me more about it when I get on IRC later today.

-Phoenix750