404 Blog Not Found:perl+javascript - �Ϥƥ֤�û��URL��Mashup�ΥХ��ե��å�����
���ѥ��Ģ - dankogai����Υ��ץ��XSS���顼��å���������Ϥ���Ȥ��� HTML���������פ�����Ƥʤ��ä���
����Ȥ��Ȥ������ä��������������ϡ�TB�ʤ���Comment�ʤɡ�����������ľ�ܸ����������𤷤��ߤ�����
���⤽��text/html�Ȥ��Ʋ�ᤵ��Ƥ���ΤϤ��������Ȼפä�header�򸫤��顢
% HEAD 'http://u.dan.co.jp/r.cgi/<script>alert('easy%20xss');</script>'
500 Internal Server Error
Connection: close
Date: Fri, 01 Dec 2006 19:15:41 GMT
Server: Apache/1.3.33 (Unix) mod_perl/1.29 DAV/1.0.3
Content-Type: application/octet-stream
Client-Date: Fri, 01 Dec 2006 19:15:41 GMT
Client-Peer: 219.127.162.235:80
Client-Response-Num: 1
orz���ʲ����Ǿ��¤Τ������fix��
+++ r.cgi 2006/12/02 07:01:53 @@ -1,6 +1,6 @@ #!/usr/local/bin/perl -T # -# $Id: r.cgi,v 0.1 2006/11/16 20:35:10 dankogai Exp $ +# $Id: r.cgi,v 0.3 2006/12/02 07:01:52 dankogai Exp dankogai $ # use strict; use warnings; @@ -12,7 +12,8 @@ my $dbfile = '.eid2uri.db'; local $SIG{__DIE__} = sub { - print "Status: 500\n\n", @_; + print join("\n", "Status: 500", "Content-Type: text/plain", + "\n", @_, " " x 512), "\n"; exit; };
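Review bot: In the second hunk the `$SIG{__DIE__}` handler still prints `@_` verbatim, so the only thing keeping markup in the die message from being rendered is the client honouring `Content-Type: text/plain`. I would escape `&`, `<`, `>` and `"` in the message before printing it, or print a fixed error string and send the detail to the server log, so the handler is safe even for a client that ignores the declared type. The header also carries no charset; `Content-Type: text/plain; charset=...` with the script's actual encoding removes one more thing the client could guess at. Two smaller points: the `" " x 512` padding has no comment saying which client behaviour it is for, and passing `"\n"` as an element to `join("\n", ...)` puts an extra blank line at the start of the body, so printing the header block and the body as separate statements would read more clearly.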
Go ahead. Make my day.
���μ�ˡ��¾�ˤâ¹ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½È»×¤ï¿½ï¿½ï¿½Status 500����Ȥ����ʤɡ�Message��ɬ������HTML�Ǥʤ��Ƥ⤤����硢Content-Type: text/plain
�ˤ��Ƥ��ޤ��Ȥ����ΤϤ��������Τ�ʤ�������ޤǡּ¹ԡפ���Ƥ��ޤ��Τ��Ȥ����顢����Ϥ⤦�֥饦��(User Agent)��������
Dan the Man to Err
IE��512�Х���������н褷�ޤ��������꤬�Ȥ��������ޤ�����
# ��ľ��CGI::Carp��Ȥ��٤��ä�����
Dan the Maintainer Thereof