[Typo3] SQL Injection
Kraft Bernhard
kraftb at gmx.net
Thu Mar 3 21:51:00 CET 2005
Taylor, Jeff wrote:
> http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_u
> id=1%20or%201=1
Well. That surely results in a result containing all entries of a table
instead of just those which aren't delted/hidden and in the correct category.
He just adds " OR 1=1" which always evaluates to true to the WHERE part of the
query.
Every extension which isn't doing WHERE field=intval($GETorPOSTorPiVarsfield) or
'WHERE field="'.$GLOBALS['TYPO3_DB']->quoteStr($GETorPOSTorPiVarsfield).'" ...'
(the later MUST get used if you compare strings)
is affected by this bug
(Ups. Did I do this ?)
greets,
Bernhard
--
----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
----------------------------------------------------------------------
More information about the TYPO3-english
mailing list