[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: 3 Mar 2005 17:08:30 -0000
From: Fabian Becker <neonomicus@....de>
To: bugtraq@...urityfocus.com
Subject: TYPO3 SQL Injection vunerabilitie
Hello Bugtraq :)
Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the links-section/module/whatever you call it).
I didn't really try to develope an exploit because I thought typo3 would directly react.
But unfortunately that didn't happen :/
So here is the url that "exploits" the vulnerabilitie in a friendly way ;)
http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1
Maybe someone will find a way to exploit this one in a maliceous way so get typo3 to update it's software!
C ya
Neonomicus :)
Greets go out to:
Visus, Data-Storm-Industries-crew, Feanor, juck, the orkut-community :D, everybody I forgot ^^
Visit me at http://data-storm.com :)
Powered by blists - more mailing lists