7012596 2001-08-31 01:35 +0200 /26 rader/ <p@phk.at> Sänt av: joel@lysator.liu.se Importerad: 2001-08-31 01:59 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <19011> Ärende: gnut gnutella client html injection ------------------------------------------------------------ Hello I recently discovered a bug in gnut, a console/www Gnutella client for Linux and Windows, that allows the injection of html code in the Search Result Page of the Webfrontend. This is done by sharing a file with html tags embedded. test<HR>.mp3 for example More complex things are possible with Javascript and shared Subdirectories. The html code will be displayed in the browser of every gnut webfrontend user, who gets that file as a search result. The risk is increased by the fact that the webfrontend is often run from localhost, thus circumventing many browser security policies/settings. This was true for my browser settings which allowed javascript from localhost, while not doing so for remote hosts in general. I contacted the author, who responded and addressed the problem quickly. The most recent version of gnut, 0.4.27, has already been patched as I write this. It is available here: http://www.gnutelliums.com/linux_unix/gnut/tars/gnut-0.4.27.tar.gz Philipp Krammer (7012596) / <p@phk.at>/-------------------(Ombruten) Bilaga (application/pgp-signature) i text 7012597 7012597 2001-08-31 01:35 +0200 /10 rader/ <p@phk.at> Importerad: 2001-08-31 01:59 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <19012> Bilaga (text/plain) till text 7012596 Ärende: Bilaga till: gnut gnutella client html injection ------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7js3CqFAo9sPY06MRAgJgAKDWYCqyWRhGPHGHizPTip6ARdrjogCdEkfY hWQQxnEIzeRFpiON/o1CTYo= =DK4k -----END PGP SIGNATURE----- (7012597) / <p@phk.at>/-----------------------------