gnut gnutella client html injection
From: p@phk.atDate: 08/31/01
- Previous message: Keith Stevenson: "Re: ISS Advisory: Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Aug 2001 01:35:30 +0200 From: p@phk.at To: bugtraq@securityfocus.com Subject: gnut gnutella client html injection Message-ID: <20010831013530.A5226@spartakus.turithil.org>
Hello
I recently discovered a bug in gnut, a console/www Gnutella client for Linux
and Windows, that allows the injection of html code in the Search Result Page
of the Webfrontend.
This is done by sharing a file with html tags embedded.
test<HR>.mp3 for example
More complex things are possible with Javascript and shared Subdirectories.
The html code will be displayed in the browser of every gnut webfrontend user,
who gets that file as a search result.
The risk is increased by the fact that the webfrontend is often run from
localhost, thus circumventing many browser security policies/settings.
This was true for my browser settings which allowed javascript from
localhost, while not doing so for remote hosts in general.
I contacted the author, who responded and addressed the problem quickly.
The most recent version of gnut, 0.4.27, has already been patched as I write
this.
It is available here:
http://www.gnutelliums.com/linux_unix/gnut/tars/gnut-0.4.27.tar.gz
Philipp Krammer
- application/pgp-signature attachment: stored
- Previous message: Keith Stevenson: "Re: ISS Advisory: Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
