[TYPO3-dev] [Fwd: [TYPO3-announce] Announcing TYPO3 4.0.12, 4.1.10 and 4.2.6]

Martin Kutschker masi-no at spam-typo3.org
Tue Feb 10 17:56:14 CET 2009


Steffen Kamper wrote:
> Hi Masi,
> 
> Martin Kutschker wrote:
>> Oliver Leitner wrote:
>>> Some ppls really think that creating an exploit without that info
>>> takes longer than creating one with that info;M
>>>
>>> fun fun fun.
>>
>> I don't get you. I know that anyone with proper coding knowledge and a
>> bit of time can figure out an exploit with the info found in the
>> announcement. Still I find that it wasn't necessary to give ideas which
>> file to get and to use which known methods to break in.
>>
>> Masi
> 
> I don't think that this really was needful for such guys as they know
> how to use exploits. Maybe some new could test it now.
> But it shows how dangerous it could be, and possible capture of your
> site should show the need of updating immediately.

It only makes the little brats curious and could have been written in a
more general tone. e.g. "with the exploit you can retrieve vital
configuration files. With these files and well known methods the attacker
can gain administration access to your site. If the server is not
properly configured the attacker may even gain enough knowledge to steal
all your databases or break into your system."

Masi
