Bug#240675: www.debian.org: redirect.pl wide open and fools people
tags 240675 patch
On Sun, Mar 28, 2004 at 07:05:30PM +0200, Bart Schuller wrote:
> As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895
> the redirect.pl script on cgi.debian.org can be abused. Note that it
> didn't work in galeon, but I expect this will be different for people
> using Windows.
> Perhaps some sort of referrer check is in order?
This has been pointed out before (like a week ago or so).
A patch for it by me can be found at:
Can anyone of the webmasters please investigate this?
Frank Lichtenheld <email@example.com>