Date: Tue, 04 Jul 2006 16:11:01 +0200 From: Remko Lodder <remko@FreeBSD.org> To: Joseph Koshy <joseph.koshy@gmail.com> Cc: freebsd-www@freebsd.org, Xavier <damajor@gmail.com> Subject: Re: FreeBSD Website: Code exposed using search in French language. Message-ID: <44AA76F5.9050501@FreeBSD.org> In-Reply-To: <84dead720607040708t7082fd4cm78fb51757949899e@mail.gmail.com> References: <f16b1a4d0607040131h200ef706k68faf847fd996bd7@mail.gmail.com> <84dead720607040708t7082fd4cm78fb51757949899e@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joseph Koshy wrote:
>> The CGI perl code is exposed using the search engine in French
>> language. It seems that any kind of search even one letter
>> search can reproduce this bug.
>
> Switching to the French pages on www.freebsd.org and
> searching doesn't reveal the bug. However, invoking
> search from www.fr.freebsd.org or www.de.freebsd.org
> does end up with realms of perl code being displayed.
>
> Apache config bug?
>
Most probably, since mirrors do not use (and should not use)
the cgi directories they are often not configured at all
and thus displaying the contents of the perl scripts.
This is not world shocking because all the files are available
via CVS as well.
Hope this helps :)
Best regards,
Remko
--
Kind regards,
Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org
/* Quis custodiet ipsos custodes */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44AA76F5.9050501>