# Telephone LookingGlass RDNS XSS Vulnerability Patch



## HalfEatenPie (Jan 23, 2015)

Howdy!

I'd figure I'll put in a forum thread announcement about this because Telephone's awesome looking glass has now become kind of an industry standard!  

As stated here:



> Notice 2015-01-22
> An RDNS XSS was disclosed which has been patched by a temporary fix (thanks @ldrrp). To patch, simply replace LookingGlass/LookingGlass.php with the patched version found here: LookingGlass.php
> 
> A maintenance/security release will be issued before 2015-01-26, which will include a number of patches for v1.


So please update your looking glass!  

Thanks!


----------



## Aldryic C'boas (Jan 23, 2015)

255c255
< echo str_pad(htmlspecialchars($str) . '<br />-- Traceroute timed out --<br />', 1024, ' ', STR_PAD_RIGHT);
---
> echo str_pad($str . '<br />-- Traceroute timed out --<br />', 1024, ' ', STR_PAD_RIGHT);
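
Review bot: htmlspecialchars($str) on line 255 is called without flags or an encoding argument, so what gets escaped depends on the defaults of whichever PHP version the looking glass runs on (before PHP 8.1 the default flag is ENT_COMPAT, which leaves single quotes unescaped). Suggest making it explicit, e.g. htmlspecialchars($str, ENT_QUOTES, 'UTF-8'), so the traceroute line carrying the reverse-DNS name is encoded the same way on every host. The literal '<br />-- Traceroute timed out --<br />' suffix is correctly kept outside the call.
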
264c264
< echo str_pad(htmlspecialchars($str) . '<br />', 1024, ' ', STR_PAD_RIGHT);
---
> echo str_pad($str . '<br />', 1024, ' ', STR_PAD_RIGHT);
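
Review bot: The escape on line 264 is a second copy of the one on line 255, applied at the echo rather than where $str is produced, so any other statement that prints $str stays unescaped unless someone remembers to wrap it as well. Suggest routing both echoes through one small output helper that does the htmlspecialchars() and str_pad() together, with a comment stating that $str holds untrusted command output.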

That makes me sad -_-


----------



## DomainBop (Jan 23, 2015)

HalfEatenPie said:


> Howdy!
> 
> I'd figure I'll put in a forum thread announcement about this because Telephone's awesome looking glass has now become kind of an industry standard!


I'm using the python modification... https://github.com/ramnode/LookingGlass


----------



## HalfEatenPie (Jan 23, 2015)

DomainBop said:


> I'm using the python modification... https://github.com/ramnode/LookingGlass


That's nice.  I just love all the forks that came from Telephone's LookingGlass


----------



## drmike (Jan 23, 2015)

DomainBop said:


> I'm using the python modification... https://github.com/ramnode/LookingGlass


Yeah it's nice....  Strange though to see an InMotionHosting employee doing python coding that gets pushed out as RamNode's thing though


----------



## Nick_A (Jan 23, 2015)

"former"


----------

