[Typo3] SQL Injection

Taylor, Jeff JTaylor at venterinstitute.org
Thu Mar 3 20:51:55 CET 2005

Has anybody seen this message and reviewed its validity? 

-----Original Message-----
From: Fabian Becker [mailto:neonomicus at gmx.de]
Sent: Thursday, March 03, 2005 12:09 PM
To: bugtraq at securityfocus.com
Subject: TYPO3 SQL Injection vunerabilitie

Hello Bugtraq :)
Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the
links-section/module/whatever you call it).
I didn't really try to develope an exploit because I thought typo3 would
directly react. 
But unfortunately that didn't happen :/

So here is the url that "exploits" the vulnerabilitie in a friendly way


Maybe someone will find a way to exploit this one in a maliceous way so
get typo3 to update it's software!

C ya
Neonomicus :)

Greets go out to:
Visus, Data-Storm-Industries-crew, Feanor, juck, the orkut-community :D,
everybody I forgot ^^

Visit me at http://data-storm.com :)

More information about the TYPO3-english mailing list