[TYPO3-dev] [Fwd: [TYPO3-announce] Announcing TYPO3 4.0.12, 4.1.10 and 4.2.6]

stefano cecere scecere at krur.com
Wed Feb 11 09:45:48 CET 2009


Martin Kutschker wrote:
> Why didn't you simply show them the exploit? I tried it too and it was
> real fun to get arbitrary files from remote servers. It was quite a
> shock in our company.

i did the same (for the first time!)
it was quite "educative"

anyway it's not so easy to get access to the install tool from the hashed password:
first you have to decrypt it, and the INSTALL_TOOL... security file should be turned off (and i guess _every_ one has that file ON, right? :)

stefano



