Gossamer Forum
Home : Gossamer Threads Inc. : Official Bug Fixes :

[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

Quote Reply
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
A minor XSS vulnerability was recently found in the Links SQL 2.x and GLinks 3.0.0 templates. The vulnerability allows someone to generate urls, which if visited by a user, can disclose information such as cookie data.

Versions affected:
Gossamer Links 3.0.0
Links SQL 2.x

Versions not affected:
Gossamer Links 3.0.1 and higher

Solution:
For Gossamer Links 3.0.0 users, upgrade to 3.0.1 (or the current latest version) and merge the changes into your customised templates (see the template diffs). For Links SQL 2.x users (or users still using 2.x templates), you must update your templates to html escape input. To do this you must edit all the templates and change any places where template tags are used as element attribute values. When updating your templates, there are 3 things that need updating:

1) <input ... value="<%template_var%>">
2) <frame ... src="<%template_var%>">
3) <textarea><%template_var%></textarea>

These need to be changed to:

1) <input ... value="<%escape_html template_var%>">
2) <frame ... src="<%escape_html template_var%>">
3) <textarea><%escape_html template_var%></textarea>

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:
Code:
$opts->{escape} = 1;

Adrian

Last edited by:

brewt: Oct 14, 2005, 12:42 AM
Subject Author Views Date
Thread [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability brewt 60154 Apr 21, 2005, 2:03 PM
Thread Post deleted by Alba
Alba 59137 Apr 22, 2005, 3:01 AM
Post Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Andy 59106 Apr 22, 2005, 3:17 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 59103 Apr 22, 2005, 6:55 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 59093 Apr 22, 2005, 12:32 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 59049 Apr 26, 2005, 7:34 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 59023 Apr 26, 2005, 4:28 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 59021 Apr 27, 2005, 1:03 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 59075 Apr 27, 2005, 1:08 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 58999 Apr 27, 2005, 6:46 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 59016 Apr 27, 2005, 11:13 AM
Post Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
webmaster33 58979 Apr 28, 2005, 5:18 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
eljot 54767 May 5, 2008, 11:43 PM
Post Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 54694 May 5, 2008, 11:59 PM