[22470] in bugtraq


gnut gnutella client html injection

daemon@ATHENA.MIT.EDU (p@phk.at)
Thu Aug 30 19:50:49 2001

Date: Fri, 31 Aug 2001 01:35:30 +0200
From: p@phk.at
To: bugtraq@securityfocus.com
Message-ID: <20010831013530.A5226@spartakus.turithil.org>
Mail-Followup-To: bugtraq@securityfocus.com


Hello

I recently discovered a bug in gnut, a console/www Gnutella client for Linux
and Windows, that allows the injection of html code in the Search Result Page
of the Webfrontend.
This is done by sharing a file with html tags embedded.
test<HR>.mp3 for example
More complex things are possible with Javascript and shared Subdirectories.
The html code will be displayed in the browser of every gnut webfrontend user,
who gets that file as a search result.
The risk is increased by the fact that the webfrontend is often run from
localhost, thus circumventing many browser security policies/settings.
This was true for my browser settings which allowed javascript from
localhost, while not doing so for remote hosts in general.

I contacted the author, who responded and addressed the problem quickly.
The most recent version of gnut, 0.4.27, has already been patched as I write
this.
It is available here:
	http://www.gnutelliums.com/linux_unix/gnut/tars/gnut-0.4.27.tar.gz


Philipp Krammer

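Added example, not part of the original post and not gnut's code or its 0.4.27 patch: one way a web front end can output-encode peer-supplied file names before writing them into a search result page. The function names html_escape() and render_result_row() are hypothetical, and the sample file name is the one from the advisory.

```c
/* Added example, not gnut's code: output-encode peer-supplied file names
 * before writing them into HTML. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Write an HTML-escaped copy of `in` to `out` (capacity `outsz`).
 * Returns the escaped length, or -1 if it does not fit (output is then
 * emptied, so a truncated entity can never reach the page). */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        const char *rep;
        char one[2] = { *in, '\0' };
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t len = strlen(rep);
        if (n + len >= outsz) { out[0] = '\0'; return -1; }
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Build one result row: the peer's name is escaped, the markup is ours. */
int render_result_row(const char *peer_filename, char *row, size_t rowsz)
{
    char safe[512];
    if (html_escape(peer_filename, safe, sizeof safe) < 0) return -1;
    int w = snprintf(row, rowsz, "<li>%s</li>\n", safe);
    return (w < 0 || (size_t)w >= rowsz) ? -1 : w;
}

int main(void)
{
    char row[1024];
    /* constructed sample input: the file name quoted in the advisory */
    if (render_result_row("test<HR>.mp3", row, sizeof row) > 0)
        fputs(row, stdout);             /* <li>test&lt;HR&gt;.mp3</li> */
    return 0;
}
```

This encoding covers names placed in HTML element content; a name written into a URL or a script context needs that context's own encoding.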
