Date: 4 Mar 2005 09:54:16 -0000
From: Michael Stucki <michael@...o3.org>
To: bugtraq@...urityfocus.com
Subject: Re: TYPO3 SQL Injection vunerabilitie


In-Reply-To: <20050303170830.16705.qmail@....securityfocus.com>

Hello Fabian,

(repost because posting through GMANE appears not to work!)

> Two weeks ago I found a SQL Injection vulnerability in Typo3 (in the
> links-section/module/whatever you call it). I didn't really try to
> develop an exploit because I thought typo3 would directly react. But
> unfortunately that didn't happen :/
>
> So here is the url that "exploits" the vulnerability in a friendly way ;)

As far as I know, this information should not go to a public mailing list
until the developers got some time to fix that problem.

Just think about the panic this will cause if you announce how to exploit
that bug when there was no patch available since the maintainers of TYPO3
had not been warned before...!

Anyway, in this specific case it's not such a big problem because the bug
must have been caused by a 3rd party plugin (=extension) to TYPO3.

Since there are more than 1000 extensions in our repository you are kindly
invited to contact me off this list to find out where it is caused and fix
that problem.

With kind regards
- michael

