August 31, 2001

Gnut Gnutella client HTML injection

Author: JT Smith

From Net-Security.org: "I recently discovered a bug in gnut, a console/www
Gnutella client for Linux and Windows, that allows the
injection of html code in the Search Result Page of the
Webfrontend.

This is done by sharing a file with html tags embedded.
test<.hr>.mp3 for example More complex things are possible
with Javascript and shared Subdirectories. The html code
will be displayed in the browser of every gnut webfrontend
user, who gets that file as a search result."

Category:

  • Linux
Click Here!