[PR #26] [MERGED] Fixed XSS issue #53

New issue

Closed

opened 2026-02-28 00:40:21 +03:00 by kerem · 0 comments

kerem commented 2026-02-28 00:40:21 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/telephone/LookingGlass/pull/26
Author: @ldrrp
Created: 1/19/2015
Status: ✅ Merged
Merged: 1/22/2015
Merged by: @telephone

Base: master ← Head: master

---

📝 Commits (1)

• 7fc5ecc Fixed XSS issue

📊 Changes

1 file changed (+3 additions, -3 deletions)

View changed files

📝 LookingGlass/LookingGlass.php (+3 -3)

📄 Description

Response data from commands is not escaped before printing, leading to a potential XSS attack on all sites hosting the looking glass.

This can potentially even lead to viable attacks across subdomains via session fixation. (User is tricked into going to this url, either in a hidden iframe/etc. Cookies are overwritten with attacker controlled cookies, and user logs in while still using attacker controlled cookies)

A proof of concept can be viewed by going to the URL in the looking glass:
/ajax.php?cmd=host&host=87.204.122.210

The reverse DNS record for that domain contains html which inserts an image into the page.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/telephone/LookingGlass/pull/26 **Author:** [@ldrrp](https://github.com/ldrrp) **Created:** 1/19/2015 **Status:** ✅ Merged **Merged:** 1/22/2015 **Merged by:** [@telephone](https://github.com/telephone) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`7fc5ecc`](https://github.com/telephone/LookingGlass/commit/7fc5eccd9ba42ec57ee1501dd6fed6a9d530c932) Fixed XSS issue ### 📊 Changes **1 file changed** (+3 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `LookingGlass/LookingGlass.php` (+3 -3) </details> ### 📄 Description Response data from commands is not escaped before printing, leading to a potential XSS attack on all sites hosting the looking glass. This can potentially even lead to viable attacks across subdomains via session fixation. (User is tricked into going to this url, either in a hidden iframe/etc. Cookies are overwritten with attacker controlled cookies, and user logs in while still using attacker controlled cookies) A proof of concept can be viewed by going to the URL in the looking glass: /ajax.php?cmd=host&host=87.204.122.210 The reverse DNS record for that domain contains html which inserts an image into the page. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-28 00:40:21 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dev

v1.3.0

v1.2.0

v1.1.0

v1.0.0

Labels

Clear labels   

enhancement

  

enhancement

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

  

v1

No labels

enhancement

enhancement

enhancement

pull-request

v1

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/LookingGlass#53

No description provided.