Gossamer Forum
Home : Gossamer Threads Inc. : Official Bug Fixes :

[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

Quote Reply
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
A minor XSS vulnerability was recently found in the Links SQL 2.x and GLinks 3.0.0 templates. The vulnerability allows someone to generate urls, which if visited by a user, can disclose information such as cookie data.

Versions affected:
Gossamer Links 3.0.0
Links SQL 2.x

Versions not affected:
Gossamer Links 3.0.1 and higher

Solution:
For Gossamer Links 3.0.0 users, upgrade to 3.0.1 (or the current latest version) and merge the changes into your customised templates (see the template diffs). For Links SQL 2.x users (or users still using 2.x templates), you must update your templates to html escape input. To do this you must edit all the templates and change any places where template tags are used as element attribute values. When updating your templates, there are 3 things that need updating:

1) <input ... value="<%template_var%>">
2) <frame ... src="<%template_var%>">
3) <textarea><%template_var%></textarea>

These need to be changed to:

1) <input ... value="<%escape_html template_var%>">
2) <frame ... src="<%escape_html template_var%>">
3) <textarea><%escape_html template_var%></textarea>

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:
Code:
$opts->{escape} = 1;

Adrian

Last edited by:

brewt: Oct 14, 2005, 12:42 AM
Subject Author Views Date
Thread [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability brewt 36551 Apr 21, 2005, 2:03 PM
Thread Post deleted by Alba
Alba 35872 Apr 22, 2005, 3:01 AM
Post Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Andy 35850 Apr 22, 2005, 3:17 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 35826 Apr 22, 2005, 6:55 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35836 Apr 22, 2005, 12:32 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 35787 Apr 26, 2005, 7:34 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35756 Apr 26, 2005, 4:28 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 35769 Apr 27, 2005, 1:03 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35796 Apr 27, 2005, 1:08 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 35743 Apr 27, 2005, 6:46 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 35754 Apr 27, 2005, 11:13 AM
Post Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
webmaster33 35726 Apr 28, 2005, 5:18 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
eljot 31508 May 5, 2008, 11:43 PM
Post Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 31445 May 5, 2008, 11:59 PM