Bug#240675: www.debian.org: redirect.pl wide open and fools people
tags 240675 patch
thanks
On Sun, Mar 28, 2004 at 07:05:30PM +0200, Bart Schuller wrote:
> As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895
> the redirect.pl script on cgi.debian.org can be abused. Note that it
> didn't work in galeon, but I expect this will be different for people
> using Windows.
>
> Perhaps some sort of referrer check is in order?
This has been pointed out before (like a week ago or so).
A patch for it by me can be found at:
http://lists.debian.org/debian-www/2004/debian-www-200403/msg00202.html
Can anyone of the webmasters please investigate this?
Gruesse,
--
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
Reply to: