Gossamer Forum
Home : Gossamer Threads Inc. : Official Bug Fixes :

[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

Quote Reply
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
A minor XSS vulnerability was recently found in the Links SQL 2.x and GLinks 3.0.0 templates. The vulnerability allows someone to generate urls, which if visited by a user, can disclose information such as cookie data.

Versions affected:
Gossamer Links 3.0.0
Links SQL 2.x

Versions not affected:
Gossamer Links 3.0.1 and higher

Solution:
For Gossamer Links 3.0.0 users, upgrade to 3.0.1 (or the current latest version) and merge the changes into your customised templates (see the template diffs). For Links SQL 2.x users (or users still using 2.x templates), you must update your templates to html escape input. To do this you must edit all the templates and change any places where template tags are used as element attribute values. When updating your templates, there are 3 things that need updating:

1) <input ... value="<%template_var%>">
2) <frame ... src="<%template_var%>">
3) <textarea><%template_var%></textarea>

These need to be changed to:

1) <input ... value="<%escape_html template_var%>">
2) <frame ... src="<%escape_html template_var%>">
3) <textarea><%escape_html template_var%></textarea>

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:
Code:
$opts->{escape} = 1;

Adrian

Last edited by:

brewt: Oct 14, 2005, 12:42 AM
Subject Author Views Date
Thread [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability brewt 35778 Apr 21, 2005, 2:03 PM
Thread Post deleted by Alba
Alba 35107 Apr 22, 2005, 3:01 AM
Post Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Andy 35086 Apr 22, 2005, 3:17 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 35061 Apr 22, 2005, 6:55 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35071 Apr 22, 2005, 12:32 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 35022 Apr 26, 2005, 7:34 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 34991 Apr 26, 2005, 4:28 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 35004 Apr 27, 2005, 1:03 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35031 Apr 27, 2005, 1:08 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 34978 Apr 27, 2005, 6:46 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 34989 Apr 27, 2005, 11:13 AM
Post Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
webmaster33 34962 Apr 28, 2005, 5:18 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
eljot 30743 May 5, 2008, 11:43 PM
Post Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 30680 May 5, 2008, 11:59 PM