[TYPO3-dev] TYPO3 hack?
Henning Pingel
henningT3 at henningpingel.de
Sun Sep 2 12:04:31 CEST 2007
Hi guys,
Any further speculations or possible explanations for this phenomenon
should not be published on this list. Instead please send them to Ben
personally to only help him solving this and to nobody else. If you
don't want to write to Ben (for reasons I can't imagine ;-) ) write to
the TYPO3 Security Team instead: http://typo3.org/teams/security/contact-us/
But stop posting thoughts to public lists please.
Thanks a lot and have a nice Sunday!
Henning
Member of the TYPO3 Security Team
Olivier Dobberkau schrieb:
> ben van 't ende [netcreators] schrieb:
>
>> I do not really get what is going on here. What script would be
>> exploited here?
>> And where do i see wikipedia in the url?
>
> Hi Ben.
>
> Realurl Redirect?
> Use Rex Swain Http Viewer or Tamper Data to see the transcript
>
> looks like something is sending a location header:
>
> HTTP/1.1·302·Found(CR)(LF)
> Date:·Sat,·01·Sep·2007·20:20:13·GMT(CR)(LF)
> Server:·Apache/1.3.33·(Debian·GNU/Linux)·mod_layout/3.2·PHP/4.4.7-0.dotdeb.0·with·Suhosin-Patch·mod_ssl/2.8.22·OpenSSL/0.9.7e(CR)(LF)
>
> Location:·http://en.wikipedia.org/wiki/Script_kiddie?eID=tx_cms_showpic&file=uploads%252Fpics%252FFE..fs485R.409R.463_01.jpg&width=500m&height=500m&bodyTag=%253Cbody%2520bgColor%253D%2522%2523ffffff%2522%253E&wrap=%253Ca%2520href%253D%2522javascript%253Aclose%2528%2529%253B%2522%253E%2520%257C%2520%253C%252Fa%253E&md5=0691d4de09a321c3f242aad300b42d91(CR)(LF)
>
> Connection:·close(CR)(LF)
> Transfer-Encoding:·chunked(CR)(LF)
> Content-Type:·text/html;·charset=iso-8859-1(CR)(LF)
> (CR)(LF)
>
> Strange.
>
> Olivier
More information about the TYPO3-dev
mailing list