June 21st, 2005
ultracross
FrostWire Developer
Join Date: February 7th, 2005
Posts: 815
action metadata problem/bug/vulnerability

yeah, i'm not quite sure where to put this one, but some people have got the smart idea to set up a "sponsored" gnutella bot on the network, and when you try to download this result, it opens up a browser or just uses the one currently up and redirects you to a webpage.

and while you can't download this file at all because limewire will just keep reading the action metadata and sending you to some page (auto-launching action), i moused-over to see the metadata, and there was an action that had the directing URL in its place.

some bug in limewire or is this meant to happen? because this is a definite vulnerability. cause someone in the wrong mind can maliciously send someone to a page that will install a trojan by some vulnerabilities of the browser...

definitely get this fixed asap. if someone already found out that they can exploit it for profit, then someone will eventually exploit it for malice.

btw, the url in its action was:

where XX is some ID number of top results listed.

i did a small bit of investigating, and it seems this is related to a limewire rip-off clone

and it also seems like this modified limewire client was modified so all these "sponsored" results would be at the fault of the user, giving out hundreds of sponsored ads without gnoozle having to spend bandwidth doing it..

man, sometimes i think it's conspiracy.