Bug#240675: www.debian.org: redirect.pl wide open and fools people

To: Bart Schuller <schuller@debian.org>, 240675@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#240675: www.debian.org: redirect.pl wide open and fools people
From: Frank Lichtenheld <djpig@debian.org>
Date: Tue, 30 Mar 2004 14:53:57 +0200
Message-id: <[🔎] 20040330125357.GF1153@djpig.de>
Reply-to: Frank Lichtenheld <djpig@debian.org>, 240675@bugs.debian.org
In-reply-to: <[🔎] 20040328170530.F04E37FCBE@localhost>
References: <[🔎] 20040328170530.F04E37FCBE@localhost>

tags 240675 patch
thanks

On Sun, Mar 28, 2004 at 07:05:30PM +0200, Bart Schuller wrote:
> As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895
> the redirect.pl script on cgi.debian.org can be abused. Note that it
> didn't work in galeon, but I expect this will be different for people
> using Windows.
> 
> Perhaps some sort of referrer check is in order?

This has been pointed out before (like a week ago or so).
A patch for it by me can be found at:
http://lists.debian.org/debian-www/2004/debian-www-200403/msg00202.html

Can anyone of the webmasters please investigate this?

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

Follow-Ups:
- Processed: Re: Bug#240675: www.debian.org: redirect.pl wide open and fools people
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#240675: www.debian.org: redirect.pl wide open and fools people
  - From: Bart Schuller <schuller@debian.org>

Prev by Date: Re: Proposal: Document reasons for unpackeable software
Next by Date: Processed: Re: Bug#240675: www.debian.org: redirect.pl wide open and fools people
Previous by thread: Bug#240675: www.debian.org: redirect.pl wide open and fools people
Next by thread: Processed: Re: Bug#240675: www.debian.org: redirect.pl wide open and fools people
Index(es):
- Date
- Thread