https://www.exploit-db.com/exploits/20161
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-031

IRCXchatclient1.4.2及其之前的版本存在漏洞。远程攻击者可以通过创建web浏览器的XChatURLshell元字符编码执行任意命令。

source: http://www.securityfocus.com/bid/1601/info

A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC client. By supplying commands enclosed in backticks (``) in URL's sent to X-Chat, it is possible to execute arbitrary commands should the X-Chat user decide to view the link by clicking on it. This is due to the manner in which X-Chat launches pages for viewing.

X-Chat launches Netscape without checking for shell metacharacters in the supplied URL. This allows for an attacker to exploit shell expansion capabilities to execute commands as the user running Netscape.

http://www.altavista.com/?x=`date`y='`date`'

来源:BID
名称:1601
链接:http://www.securityfocus.com/bid/1601
来源:BUGTRAQ
名称:20000825ConectivaLinuxSecurityAnnouncement-xchat
链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
来源:BUGTRAQ
名称:20000824MDKSA-2000:039-xchatupdate
链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
来源:BUGTRAQ
名称:20000817XChatURLhandlervulnerabilty
链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
来源:REDHAT
名称:RHSA-2000:055
链接:http://www.redhat.com/support/errata/RHSA-2000-055.html