[Typo3] SQL Injection

Taylor, Jeff JTaylor at venterinstitute.org
Fri Mar 4 14:06:30 CET 2005


I hate to be a party pooper, but this was posted on SECURITY FOCUS. It's
already "public"  
Alerting the entire "typo3 community" about it is important to one, let
people know to watch out for it and two to encourage someone to fix this
problem immediately.  A lot more people, including "hackers," read
security focus than this little newsgroup/listserv.  

Can we focus on getting it fixed rather than complaining that it was
posted in the wrong place?  I'd work on fixing it but I don't have
enough knowledge to do it. 


.jeff.


-----Original Message-----
From: typo3-english-bounces at lists.netfielders.de
[mailto:typo3-english-bounces at lists.netfielders.de] On Behalf Of Kraft
Bernhard
Sent: Thursday, March 03, 2005 4:47 PM
To: typo3-english at lists.netfielders.de
Subject: Re: [Typo3] SQL Injection

Ries van Twisk wrote:
> I just tested it and it's indeed possible to do a  sql injection,

All after all this notice should have gone to the security mailinglist
at typo3-project-security at lists.netfielders.de

It is not good to have such things public ...






greets,
Bernhard
-- 
----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
----------------------------------------------------------------------
_______________________________________________
Typo3-english mailing list
Typo3-english at lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english



More information about the TYPO3-english mailing list