
Telephone LookingGlass RDNS XSS Vulnerability Patch

HalfEatenPie

The Irrational One
Retired Staff
Howdy!

I figured I'd put in a forum thread announcement about this because Telephone's awesome looking glass has now become kind of an industry standard!

As stated here:

Notice 2015-01-22
An RDNS XSS was disclosed which has been patched by a temporary fix (thanks @ldrrp). To patch, simply replace LookingGlass/LookingGlass.php with the patched version found here: LookingGlass.php

A maintenance/security release will be issued before 2015-01-26, which will include a number of patches for v1.
So please update your looking glass!  

Thanks!
 

Aldryic C'boas

The Pony
255c255
< echo str_pad(htmlspecialchars($str) . '<br />-- Traceroute timed out --<br />', 1024, ' ', STR_PAD_RIGHT);
---
> echo str_pad($str . '<br />-- Traceroute timed out --<br />', 1024, ' ', STR_PAD_RIGHT);
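
Review bot: On the patched line of 255c255 (the one marked <, since this diff reads from the patched file to the original), htmlspecialchars($str) relies on PHP's default flags and charset. Before PHP 8.1 the default flags leave single quotes unescaped, and before PHP 5.4 the default charset is ISO-8859-1. Passing them explicitly, as in htmlspecialchars($str, ENT_QUOTES, 'UTF-8'), makes the escaping independent of the PHP version the looking glass is deployed on.
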
264c264
< echo str_pad(htmlspecialchars($str) . '<br />', 1024, ' ', STR_PAD_RIGHT);
---
> echo str_pad($str . '<br />', 1024, ' ', STR_PAD_RIGHT);
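
Review bot: The 264c264 change repeats the htmlspecialchars($str) call from 255c255 at a second echo instead of escaping $str once in a shared output helper, so a later third echo of $str could easily be added without it. Consider one small function that escapes, appends the suffix and pads, and have both echoes call it. Keeping the '<br />' outside the escape, as done here, is correct so it still renders as markup.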

That makes me sad -_-
 