From owner-freebsd-www@FreeBSD.ORG  Tue Jul  4 14:11:45 2006
Return-Path: <owner-freebsd-www@FreeBSD.ORG>
X-Original-To: freebsd-www@freebsd.org
Delivered-To: freebsd-www@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7C78316A50B
	for <freebsd-www@freebsd.org>; Tue,  4 Jul 2006 14:11:45 +0000 (UTC)
	(envelope-from remko@freebsd.org)
Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0378643DC1
	for <freebsd-www@freebsd.org>; Tue,  4 Jul 2006 14:11:07 +0000 (GMT)
	(envelope-from remko@freebsd.org)
Received: from localhost (caelis.elvandar.org [217.148.169.59])
	by caelis.elvandar.org (Postfix) with ESMTP id 9E5AB92FCE4;
	Tue,  4 Jul 2006 16:11:01 +0200 (CEST)
Received: from caelis.elvandar.org ([217.148.169.59])
	by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new,
	port 10024)
	with ESMTP id 29753-06; Tue,  4 Jul 2006 16:11:01 +0200 (CEST)
Message-ID: <44AA76F5.9050501@FreeBSD.org>
Date: Tue, 04 Jul 2006 16:11:01 +0200
From: Remko Lodder <remko@FreeBSD.org>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: Joseph Koshy <joseph.koshy@gmail.com>
References: <f16b1a4d0607040131h200ef706k68faf847fd996bd7@mail.gmail.com>
	<84dead720607040708t7082fd4cm78fb51757949899e@mail.gmail.com>
In-Reply-To: <84dead720607040708t7082fd4cm78fb51757949899e@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by the elvandar.org maildomain
Cc: freebsd-www@freebsd.org, Xavier <damajor@gmail.com>
Subject: Re: FreeBSD Website: Code exposed using search in French language.
X-BeenThere: freebsd-www@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: remko@FreeBSD.org
List-Id: FreeBSD Project Webmasters <freebsd-www.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
	<mailto:freebsd-www-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-www>
List-Post: <mailto:freebsd-www@freebsd.org>
List-Help: <mailto:freebsd-www-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
	<mailto:freebsd-www-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2006 14:11:45 -0000

Joseph Koshy wrote:
>> The CGI perl code is exposed using the search engine in French
>> language. It seems that any kind of search even one letter
>> search can reproduce this bug.
> 
> Switching to the French pages on www.freebsd.org and
> searching doesn't reveal the bug.  However, invoking
> search from www.fr.freebsd.org or www.de.freebsd.org
> does end up with realms of perl code being displayed.
> 
> Apache config bug?
> 

Most probably, since mirrors do not use (and should not use)
the cgi directories they are often not configured at all
and thus displaying the contents of the perl scripts.

This is not world shocking because all the files are available
via CVS as well.

Hope this helps :)

Best regards,
Remko

-- 
Kind regards,

      Remko Lodder               ** remko@elvandar.org
      FreeBSD                    ** remko@FreeBSD.org

      /* Quis custodiet ipsos custodes */