[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#240675: www.debian.org: redirect.pl wide open and fools people

tags 240675 patch

On Sun, Mar 28, 2004 at 07:05:30PM +0200, Bart Schuller wrote:
> As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895
> the redirect.pl script on cgi.debian.org can be abused. Note that it
> didn't work in galeon, but I expect this will be different for people
> using Windows.
> Perhaps some sort of referrer check is in order?

This has been pointed out before (like a week ago or so).
A patch for it by me can be found at:

Can anyone of the webmasters please investigate this?

Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to: