[Typo3] SQL Injection

Kraft Bernhard kraftb at gmx.net
Thu Mar 3 21:51:00 CET 2005

Taylor, Jeff wrote:

> http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_u
> id=1%20or%201=1

Well. That surely results in a result containing all entries of a table
instead of just those which aren't delted/hidden and in the correct category.

He just adds " OR 1=1" which always evaluates to true to the WHERE part of the
Every extension which isn't doing WHERE field=intval($GETorPOSTorPiVarsfield) or
'WHERE field="'.$GLOBALS['TYPO3_DB']->quoteStr($GETorPOSTorPiVarsfield).'" ...'
(the later MUST get used if you compare strings)
is affected by this bug
(Ups. Did I do this ?)

"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919

More information about the TYPO3-english mailing list