[TYPO3-english] "com_simpledownload"??

Jigal van Hemert jigal.van.hemert at typo3.org
Mon Feb 24 10:23:23 CET 2014


Hi,

On 23-2-2014 17:56, Axel Joensson wrote:
> i a productive T3 installation 4.5.32 with five languages, when randomly
> looking into the source code deliverred to the brwoser, I today
> discovered a strange line:
>
> index.html?option=com_simpledownload&controller=
>
> There followed almost countless slashes with a final 0. I have no idea
> were that "option" may come from, but googling for "com_simpledownload"
> I found something looking like exploit scripts written for Joomla some
> years ago.
>
> Emptying all cashes removed that "option" from the links, but I'd really
> like to know: How can that appear in my source code without having
> anything installed that is only close such a (possible) extension?

Perhaps you have options set in your configuration (or that of an 
extension) to keep the existing URL parameters when generating a link.
If someone manually adds these parameters to test if the exploit with 
com_simpledownload is available on your server, these links might end up 
in the cache.

See 'addQueryString' [1].

[1] 
http://docs.typo3.org/typo3cms/TyposcriptReference/Functions/Typolink/Index.html

-- 
Jigal van Hemert
TYPO3 CMS Active Contributor

TYPO3 .... inspiring people to share!
Get involved: typo3.org


More information about the TYPO3-english mailing list