Namazu-users-ja(旧)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Namazu 2.0.9 was released.

From: 藤原誠 / Makoto Fujiwara <makoto@xxxxx>
Date: Mon, 03 Dec 2001 15:11:14 +0900
X-ml-name: namazu-users-ja
X-mail-count: 02258
References: <87wv08boqc.wl@puti.eal.or.jp> <drk7w5vtf1.wl@grd.advantest.co.jp> <yfmk7w5ylwf.wl@u.ki.nu> <drher9vsbc.wl@grd.advantest.co.jp> <yfmitbozz8e.wl@u.ki.nu> <drg06sx5pv.wl@grd.advantest.co.jp>

>                                            千葉市中央区長洲
>                                                    藤原  誠
菅さんにもう一つだけ試して見て欲しいことがあります。たびたび
お手数をおかけして済みません。添付の namazu-cgi-8-small を 
tests の下に置いて、
sh -xv namazu-cgi-8-small
とするとどうなるでしょうか。

<S>という字があれば問題です。
---
(藤原)
http://www.ki.nu/software/namazu/tutorial/

#! /bin/sh
#
# Test for cross-site scripting vulnerability
#
LOG=`pwd`/test-log
echo '  *** starting ' $0 >>$LOG
pwd=`pwd`
tmprc="$pwd/../src/.namazurc"

# To make messages English
LANG= ; export LANG
unset LANGUAGE
unset LC_ALL
unset LC_MESSAGES

cd ../src

# check "idxname"
tmprc="$pwd/../src/.namazurc"
echo "Index $pwd" > $tmprc

SCRIPT_NAME='namazu.cgi'
QUERY_STRING='query=namazu&idxname=idx1&idxname="<S>strike</S>'
export SCRIPT_NAME QUERY_STRING 

# ./namazu.cgi

# RESULT=`./namazu.cgi 2>&1 | grep '<S>' | wc -l`
./namazu.cgi | grep '<S>'

Follow-Ups:
- Re: Namazu 2.0.9 was released.
  - From: Taiji . Can

References:
- Re: Namazu 2.0.9 was released.
  - From: Taiji . Can
- Re: Namazu 2.0.9 was released.
  - From: 藤原誠 / Makoto Fujiwara
- Re: Namazu 2.0.9 was released.
  - From: Taiji . Can
- Re: Namazu 2.0.9 was released.
  - From: 藤原誠 / Makoto Fujiwara
- Re: Namazu 2.0.9 was released.
  - From: Taiji . Can

Prev by Date: Re: configure でエラー
Next by Date: Re: Namazu 2.0.9 was released.
Previous by thread: Re: Namazu 2.0.9 was released.
Next by thread: Re: Namazu 2.0.9 was released.
Index(es):
- Date
- Thread