BugTraq
TYPO3 SQL Injection vunerabilitie Mar 03 2005 05:08PM Fabian Becker (neonomicus gmx de) (2 replies)
Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Mar 04 2005 01:06PM Michael Shigorin (mike osdn org ua)
Re: TYPO3 SQL Injection vunerabilitie Mar 03 2005 11:06PM Sebastian Wolfgarten (sebastian wolfgarten com) (2 replies)
RE: TYPO3 SQL Injection vunerabilitie Mar 04 2005 12:54AM GulfTech Security Research (security gulftech org)
> I am pretty sure Fabian (Neonomicus) meant *every link* (or
> site) generated by Typo3, didn't he?
Even if he did, it would be just as incorrect as the original
Subject.
> @Fabian (Neonomicus): Could you please provide more details
> about the vulnerability you've discovered? By the way did you
> give the Typo3 guys *enough* time to respond???
Most likely it was some weird way of contacting them in the
first place: posting the message to BTS resulted in an updated
extension version being published within some 5 hours, security
announce on the website ("Severity: high") and a reminder on
contact address (typo3-project-security>lists.netfielders.de).
PS: when choosing "the next CMS", one of our considerations was
virtually empty bugtraq coverage (with the code being public
since 2000 and used on quite a few sites). Go figure :-)
--
---- WBR, Michael Shigorin <mike (at) altlinux (dot) ru [email concealed]>
------ Linux.Kiev http://www.linux.kiev.ua/