12:33 Commissioned site perl org the first hole (upd already taped) | |
Upd5: Vulnerability eliminated, but the topic will not be removed, because the discussion more interesting topic :-) put into operation a new site perl.org, complete dodo XSS holes. The first test detects the same hole! Judging by the headlines, a host at some old stuff: Server: Apache/1.3.33 (Unix) mod_perl/1.29Pro design I am silent, a screenshot taken in FF3, visible just two razehavshisya element. Where the world is heading? 8-O It was my idea to write this pretzel, but the holes were so many! .. just everywhere. Well, they think, to the demon - the tomb to correct them. Upd ashamed of me here in the comments, Zachary, zakonfuzili ... and I decided to Pismo to write to the developers. For some time looking at the site to write about. Has not yet found. I can not but marvel at this wonder site. Any shkolnye portals nervously smoking in aside. Upd2 How to contact the developers - and not understood. I found a thread on use.perl.org with a discussion of the news. All piss boiling water and crumble in mutual congratulations. To write - I need to register. I do not want to register there. And I do not want to spend a Friday night out to delve into this nest of idiots (with all due respect, there is no other word). If anyone wants to - write to these comrades. Thank you. Upd3 No :-) Do not let me go :-) Intrigued mnogochislennyhmi instructions in the comments, I did some research, what is the relationship perldoc.perl.org and perl.org. It turned out that all this perlokuhnya hosted on XXX.develooper.com. Updates seem to have affected only the sites located on x3.develooper.com, and even then - not all. So learn.perl.org explicitly renewed, refreshed and dbi.perl.org, whereas jobs.perl.org, planet.perl.org, dev.perl.org ... seems to have not been updated, although located in the same place - on the x3. develooper.com. But most importantly - perldoc.perl.org located on the x4.develooper.com and really far from the life-giving updates perlotsarstve. There are cpan.perl.org, blob.perl.org and much more. Total: I must repent. Hole in perldoc.perl.org, apparently, is not a consequence of the updates, and is a very old hole. Interestingly, nobody has noticed over the years (in the Pearl so nobody cares?, -)) Or know about it, but it is not going to fix? Personally, I'm shocked. How can you?! Upd4 End! Hole plugged :-) Operativnenko - a couple of hours - and voila! :-) | |
|
Total comments: 0 | |