Commits on Jan 30, 2016
  1. Temporarily remove demo

    telephone committed Jan 30, 2016
Commits on Jan 26, 2015
  1. Bump release to v1.3.0

    telephone committed Jan 26, 2015
  2. Normalize header size

    telephone committed Jan 26, 2015
  3. Match all known files in subdirectory.

    telephone committed Jan 26, 2015
    Overkill, but used in dev as a directory filter
    would block all access:
    (/LookingGlass/LookingGlass/file.php)
Commits on Jan 25, 2015
  1. Add a lazy config check

    telephone committed Jan 25, 2015
Commits on Jan 24, 2015
  1. Add .htaccess to restrict LG sub directory.

    telephone committed Jan 24, 2015
    Fixes readable rate-limit database on Apache
  2. Update jQuery to v1.11.1

    telephone committed Jan 24, 2015
  3. Update Bootstrap to v2.3.2

    telephone committed Jan 24, 2015
  4. Update XMLHttpRequest.js

    telephone committed Jan 24, 2015
Commits on Jan 22, 2015
  1. Merge pull request #26 from TechReanimate/master

    telephone committed Jan 22, 2015
    Fixed RDNS XSS
Commits on Jan 19, 2015
  1. Fixed XSS issue

    ldrrp committed Jan 19, 2015
    Response data from commands is not escaped before printing, leading to a potential XSS attack on all sites hosting the looking glass.
    
    This can potentially even lead to viable attacks across subdomains via session fixation. (User is tricked into going to this url, either in a hidden iframe/etc. Cookies are overwritten with attacker controlled cookies, and user logs in while still using attacker controlled cookies)
    
    A proof of concept can be viewed by going to the URL in the looking glass:
    /ajax.php?cmd=host&host=87.204.122.210
    
    The reverse DNS record for that domain contains html which inserts an image into the page.
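The escaping fix that the commit above describes, shown as an added illustration that is not the LookingGlass project's own code; the function names and the sample PTR record are constructed for this example:

```php
<?php
// Added example (not LookingGlass code): escape command output before it is
// echoed into the page, as the "Fixed XSS issue" commit describes.
// Function names and the sample reverse-DNS record below are constructed.

/**
 * Escape one line of command output (e.g. a `host` reverse-DNS answer) so that
 * any HTML it carries is rendered as literal text instead of markup.
 */
function escapeCommandOutput(string $line): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences rather than returning an empty string for the whole line.
    return htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: output lines are printed verbatim (what the fix removed). */
function renderUnescaped(array $lines): string
{
    return implode("\n", $lines);
}

/** Hardened pattern: every line passes through the escaper before output. */
function renderEscaped(array $lines): string
{
    return implode("\n", array_map('escapeCommandOutput', $lines));
}

// Constructed `host` output for a documentation-range address (192.0.2.10)
// whose PTR record carries an HTML image tag.
$output = [
    '10.2.0.192.in-addr.arpa domain name pointer <img src="x">.example.',
];

// The first line would be interpreted as markup by a browser; the second is
// displayed as text because < > " have been converted to entities.
echo renderUnescaped($output), "\n";
echo renderEscaped($output), "\n";
```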
Commits on Oct 3, 2012
  1. Update requirements

    telephone committed Oct 3, 2012
Commits on Oct 2, 2012
  1. Bump to 1.2.0 release

    telephone committed Oct 2, 2012
    Merge dev with master
Commits on Sep 24, 2012
  1. Bump to 1.1.0 release

    telephone committed Sep 24, 2012
  2. Bump to 1.1.0 release

    telephone committed Sep 24, 2012
  3. Changed Header length

    telephone committed Sep 24, 2012
  4. Fix MTR for RHEL OSes

    telephone committed Sep 24, 2012
  5. Fixed 'elif' error

    telephone committed Sep 24, 2012
  6. Fix Host install on CentOS

    telephone committed Sep 24, 2012