upd5: The vulnerability has been eliminated, but I will not delete the topic, because the discussion is more interesting than the topic :-)
The new perl.org site, full of the latest XSS holes, has been put into operation. The first check reveals a hole!
Judging by the headers, it is hosted on some old stuff:
Server: Apache/1.3.33 (Unix) mod_perl/1.29
I'll say nothing about the design; the screenshot was taken in FF3, and two elements that have simply come apart are immediately visible.
Where is the world going?? 8-o
I had the idea to write to these characters, but there were so many holes!.. literally at every step. Well, I thought, to hell with it - only the grave will fix them.
upd: They shamed me here in the comments, hardened, bogus ... and I decided to write a letter to the developers. I have been looking on the site for some time for where to write. Not found yet. I cannot marvel enough at this wonderful site. Any school portal is nervously smoking on the sidelines.
upd2: How to contact the developers - I did not figure out. I found a thread on use.perl.org with a discussion of this news. Everyone there is gushing with delight and showering each other with congratulations. To write there, you need to register. I do not want to register there. And I no longer want to spend Friday night digging in this nest of fools (with all due respect, there is no other word). If anyone wants to - write to these comrades. Thanks.
upd3: No :-) It won't let me go :-) Intrigued by the numerous pointers in the comments, I did a little research on the relationship between perldoc.perl.org and perl.org. It turned out that this whole Perl kitchen is hosted on XXX.develooper.com. The updates seem to have affected only sites located on x3.develooper.com, and even then not all of them. So learn.perl.org has clearly been updated, and so has dbi.perl.org, while jobs.perl.org, planet.perl.org, dev.perl.org ... it seems they were not updated, although they are located there too - on x3.develooper.com. But the most important thing is that perldoc.perl.org is located on x4.develooper.com and is really far from the life-giving updates in the Perl world. There are also cpan.perl.org, blob.perl.org and much more.
In summary: I must repent. The hole in perldoc.perl.org does not seem to be a consequence of the updates, but a very old hole. Interestingly, either nobody has noticed it for years (does nobody care that much?? ;-)) or they know about it but are not going to fix it??
Personally, I am shocked. How can you?!!!
upd4: All clear! The hole has been plugged :-) Quick - a couple of hours - and done! :-)