Bugtraq mailing list archives
Re: TYPO3 SQL Injection vunerabilitie
From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 4 Mar 2005 18:45:33 +0200
On Fri, Mar 04, 2005 at 12:06:37AM +0100, Sebastian Wolfgarten wrote:
> I am pretty sure Fabian (Neonomicus) meant *every link* (or site) generated by Typo3, didn't he?

Even if he did, it would be just as incorrect as the original Subject.

> @Fabian (Neonomicus): Could you please provide more details about the vulnerability you've discovered? By the way, did you give the Typo3 guys *enough* time to respond???

Most likely it was some weird way of contacting them in the first place: posting the message to BTS resulted in an updated extension version being published within some 5 hours, security announce on the website ("Severity: high") and a reminder on contact address (typo3-project-security>lists.netfielders.de).

PS: when choosing "the next CMS", one of our considerations was virtually empty bugtraq coverage (with the code being public since 2000 and used on quite a few sites). Go figure :-)

--
 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/