TYPO3 SQL Injection vunerabilitie

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TYPO3 SQL Injection vunerabilitie
From: Fabian Becker <neonomicus@xxxxxx>
Date: 3 Mar 2005 17:08:30 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Hello Bugtraq :)
Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the 
links-section/module/whatever you call it).
I didn't really try to develope an exploit because I thought typo3 would 
directly react. 
But unfortunately that didn't happen :/

So here is the url that "exploits" the vulnerabilitie in a friendly way ;)

http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1

Maybe someone will find a way to exploit this one in a maliceous way so get 
typo3 to update it's software!

C ya
Neonomicus :)

Greets go out to:
Visus, Data-Storm-Industries-crew, Feanor, juck, the orkut-community :D, 
everybody I forgot ^^

Visit me at http://data-storm.com :)

Follow-Ups:
- Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability
  - From: Michael Shigorin
- Re: TYPO3 SQL Injection vunerabilitie
  - From: Sebastian Wolfgarten

Prev by Date: [CLA-2005:928] Conectiva Security Announcement - clamav
Next by Date: Microsoft Antispyware Beta window docking issue
Previous by thread: [CLA-2005:928] Conectiva Security Announcement - clamav
Next by thread: Re: TYPO3 SQL Injection vunerabilitie
Index(es):
- Date
- Thread