
List:       bugtraq
Subject:    TYPO3 SQL Injection vulnerability
From:       Fabian Becker <neonomicus () gmx ! de>
Date:       2005-03-03 17:08:30
Message-ID: 20050303170830.16705.qmail () www ! securityfocus ! com



Hello Bugtraq :)
Two weeks ago I found a SQL injection vulnerability in Typo3 (in the
links-section/module/whatever you call it). I didn't really try to develop an
exploit because I thought typo3 would directly react. But unfortunately that didn't
happen :/

So here is the url that "exploits" the vulnerability in a friendly way ;)

http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1


Maybe someone will find a way to exploit this one in a malicious way to get typo3 to
update its software!

C ya
Neonomicus :)

Greets go out to:
Visus, Data-Storm-Industries-crew, Feanor, juck, the orkut-community :D, everybody I
forgot ^^

Visit me at http://data-storm.com :)
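
Added example (not part of the original post and not TYPO3 code): a sketch of why the `category_uid=1%20or%201=1` value in the URL above changes the query when a numeric parameter is concatenated into SQL, next to the fix of validating it as an integer and binding it. The host name, table layout and function names are assumptions; the post does not show the extension's actual query.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed request: host and path are placeholders, the query string is the one in the post.
SAMPLE_URL = ("http://cms.example/links?&no_cache=1&action=getviewcategory"
              "&category_uid=1%20or%201=1")

def make_db():
    """Constructed stand-in schema; the real extension's tables are not shown in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (uid INTEGER PRIMARY KEY, category_uid INTEGER, title TEXT)")
    db.executemany("INSERT INTO links (category_uid, title) VALUES (?, ?)",
                   [(1, "cat1-a"), (1, "cat1-b"), (2, "cat2-a"), (3, "cat3-a")])
    return db

def category_uid_from_url(url):
    """Return the URL-decoded category_uid value as the application receives it."""
    return parse_qs(urlsplit(url).query)["category_uid"][0]

def links_concatenated(db, raw_uid):
    # Weak form: the request value is pasted into the SQL text, so
    # "1 or 1=1" becomes part of the WHERE clause and matches every row.
    sql = "SELECT title FROM links WHERE category_uid = " + raw_uid
    return [row[0] for row in db.execute(sql)]

def links_bound(db, raw_uid):
    # Hardened form: accept only ASCII digits, then bind the value as a
    # parameter so it can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,10}", raw_uid):
        raise ValueError("category_uid must be a decimal integer")
    sql = "SELECT title FROM links WHERE category_uid = ?"
    return [row[0] for row in db.execute(sql, (int(raw_uid),))]

if __name__ == "__main__":
    db = make_db()
    uid = category_uid_from_url(SAMPLE_URL)
    print("received:", repr(uid))
    print("concatenated:", links_concatenated(db, uid))
    try:
        links_bound(db, uid)
    except ValueError as exc:
        print("bound: rejected,", exc)
```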

