Date: Thu Aug 30 2001 - 18:35:30 CDT
I recently discovered a bug in gnut, a console/www Gnutella client for Linux
and Windows, that allows the injection of HTML code in the Search Result Page
of the Webfrontend.
This is done by sharing a file with HTML tags embedded.
test<HR>.mp3 for example
The HTML code will be displayed in the browser of every gnut webfrontend user
who gets that file as a search result.
The risk is increased by the fact that the webfrontend is often run from
localhost, thus circumventing many browser security policies/settings.
localhost, while not doing so for remote hosts in general.
I contacted the author, who responded and addressed the problem quickly.
The most recent version of gnut, 0.4.27, has already been patched as I write
It is available here:
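The fix class for the bug described above, as an added example that is not part of the original post and is not gnut's actual patch: filenames received from peers are HTML-escaped before being written into the results page. The names `html_escape` and `render_result_row` and the `<li>` row markup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst with HTML metacharacters replaced
 * by entities. Returns 0 on success, -1 if the escaped text does not fit;
 * on failure dst is left as an empty string so nothing partial is emitted. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t used = 0;
    if (dstlen == 0)
        return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > dstlen) {   /* +1 keeps room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Hypothetical renderer for one search-result row: the peer-supplied
 * filename is untrusted and only ever reaches the page in escaped form. */
int render_result_row(const char *filename, char *out, size_t outlen)
{
    char safe[1024];
    if (html_escape(filename, safe, sizeof safe) != 0)
        return -1;
    int n = snprintf(out, outlen, "<li>%s</li>\n", safe);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char row[256];
    /* Constructed input: the filename from the report above. */
    if (render_result_row("test<HR>.mp3", row, sizeof row) == 0)
        fputs(row, stdout);
    return 0;
}
```
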