Bugtraq mailing list archives
TYPO3 SQL Injection vunerabilitie
From: Fabian Becker <neonomicus () gmx de>
Date: 3 Mar 2005 17:08:30 -0000
Hello Bugtraq :) Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the links-section/module/whatever you call it). I didn't really try to develope an exploit because I thought typo3 would directly react. But unfortunately that didn't happen :/ So here is the url that "exploits" the vulnerabilitie in a friendly way ;) http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1 Maybe someone will find a way to exploit this one in a maliceous way so get typo3 to update it's software! C ya Neonomicus :) Greets go out to: Visus, Data-Storm-Industries-crew, Feanor, juck, the orkut-community :D, everybody I forgot ^^ Visit me at http://data-storm.com :)
Current thread:
- TYPO3 SQL Injection vunerabilitie Fabian Becker (Mar 03)
- Re: TYPO3 SQL Injection vunerabilitie Sebastian Wolfgarten (Mar 03)
- RE: TYPO3 SQL Injection vunerabilitie GulfTech Security Research (Mar 04)
- Re: TYPO3 SQL Injection vunerabilitie Michael Shigorin (Mar 04)
- Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Michael Shigorin (Mar 04)
- <Possible follow-ups>
- Re: TYPO3 SQL Injection vunerabilitie Dennis Shewmaker (Mar 03)
- Re: TYPO3 SQL Injection vunerabilitie Michael Stucki (Mar 04)
- Re: TYPO3 SQL Injection vunerabilitie Karsten Dambekalns (Mar 04)
- Re: TYPO3 SQL Injection vunerabilitie Sebastian Wolfgarten (Mar 03)