Bugtracker not working and Security issue with 3.2.....
Posted: Thu Jul 01, 2004 8:02 pm
by nkarki7
Bugtraq will not let me sign up for an account, it gives PHP errors, and I have a bug to report.
I won't describe it in detail here, because I don't think I am supposed to, but there is a way for a normal user (non-oper) to see the nicks of all people and/or bots on a channel that is set +u. I assumed that this is a pretty bad bug, as one of the main reasons of a +u channel is to hide the nicks of clients. Please, some1 on the devel team, respond to this with a pm or some login info for bugtraq so I may show somebody the specifics.
Thanx in advance,
nkarki7
Posted: Fri Jul 02, 2004 2:07 am
by codemastr
[email protected] is the list that only the coders receive. So that would be the best place to send any info. However, from what you described, I wouldn't really term this a security bug. The main reason of +u is to prevent side-conversations, not really to hide the users' identities. In theory, you could learn everyone in the channel simply by staying there long enough until everyone has said something.
Forgot to mention
Posted: Fri Jul 02, 2004 2:55 pm
by nkarki7
Also, this will work on channels that are +m, so even if the users cannot speak you can find out who they are.
Well, I sorta feel stupid now, but if ne1 still wants the info just lemme know.........
Posted: Fri Jul 02, 2004 3:22 pm
by Syzop
As mentioned, +u's purpose is not to hide everyone for security reasons or whatever.
Rather, it doesn't show join/parts to normal users (and thus also not quits, nickchanges, bla..).
It's made for celebrity-chat-like things or other semi-one-way chats (like I've a news channel which is +mu where a bot posts news).. it's more like not to show useless join/parts.
I mean, if you for example /whois someone you'll simply see that (s)he's in the chan :).
Posted: Fri Jul 02, 2004 3:39 pm
by Syzop
Ah, you meant the bugtracker?
http://bugs.unrealircd.org/ ?
If you tried to register with 'nkarki7', then that account already exists.. Try another username. (lost pass? ;p)
Yup, bugtraq
Posted: Sat Jul 03, 2004 2:14 am
by nkarki7
Yeah, I tried to sign up with that name, and when I clicked ok on the form, it spat out PHP errors at me, so I never got a confirmation email.....
see below...
This is the result of me entering a desired name and an email addy:
--------------------------------------
UnrealIRCd Bug Tracker
Warning: Cannot modify header information - headers already sent by (output started at /home/bugs/public_html/core/html_api.php:139) in /home/bugs/public_html/core/gpc_api.php on line 220
Warning: Cannot modify header information - headers already sent by (output started at /home/bugs/public_html/core/html_api.php:139) in /home/bugs/public_html/core/print_api.php on line 37
Warning: Cannot modify header information - headers already sent by (output started at /home/bugs/public_html/core/html_api.php:139) in /home/bugs/public_html/core/print_api.php on line 39
Warning: Cannot modify header information - headers already sent by (output started at /home/bugs/public_html/core/html_api.php:139) in /home/bugs/public_html/core/print_api.php on line 44
Posted: Sat Jul 03, 2004 2:40 pm
by Syzop
Like I said.. try another username :).
I've already notified the mantis team a few months ago about this, so I presume it will be fixed in a next version.
During previous upgrade I manually patched it, but not this time.
[sorry aquanight but your post was really offtopic and it didn't make sense to tell it to either of us ;p]
Posted: Sun Jul 04, 2004 12:19 am
by nkarki7
I've tried 3 different names
Nada. I get the same error.
Posted: Sun Jul 04, 2004 4:22 pm
by Syzop
Could you tell me which names you tried, and which email address you used? Then I'll see if I can play around a bit.
Even better, mail me personally at syzop AT unrealircd DOT com about that ;)