Alfred, we had a person join our server this morning, with the exploit,
and I was able to get him to tell me the webpage containing it...I'll
email you the script.
Jeff Bach
alfred wrote:
>
> Gentlemen,
> I am trying to test a possible exploit of Admin Mod when someone
> joins with a zero length name. I do not believe that it will cause a
> problem (we have checks for crap like this) but people have reported a
> problem (not people using commands they shouldn't but people being
> reported as admins when they are not). I want to double check that Admin
> Mod is secure against this, and I also want to track down what script
> bugs could cause this mis-reporting.
> Anyway, who can tell me how to do the exploit [:)] Please email it
> to me PRIVATELY, NOT to the list, we don't want every idiot knowing how
> to do it (I bet it screws with stats programs too [:(] ).
>
> --
> Alfred Reynolds
> [EMAIL PROTECTED]
