[TYPO3-english] "com_simpledownload"??
Axel Joensson
a.joensson at web.de
Tue Feb 25 17:24:12 CET 2014
Axel Joensson <a.joensson at web.de> wrote:
> Jigal van Hemert <jigal.van.hemert at typo3.org> wrote:
>
> > I had a quick look in the source code of sr_language_menu 1.5.2 and it
> > seems to me that all GET and POST parameters, except for the ones set in
> > 'removeParams' are included in the links.
> >
> > You can file a bug report at [1].
> >
> > [1] http://forge.typo3.org/projects/extension-sr_language_menu/issues
>
> thx, done: <http://forge.typo3.org/issues/56243>!
>
> Axel
Today, the same bull**** appeared online again:
<div class="tx-srlanguagemenu-pi1"><span class="lang-cur">Deutsch</span>
|
<span class="lang-no"><a href="en/index.html?
option=com_simpledownload&controller=../../../../../../../../../../.
./../../../../proc/
self/environ////////////////////////////////////////////////////////////
////0">English</a> </span> |
<span class="lang-no"><a href="ja/index.html?
option=com_simpledownload&controller=../../../../../../../../../../.
./../../../../proc/
self/environ////////////////////////////////////////////////////////////
////0">日本語</a>
Wonderful, if people can manipulate the source code of a website without
even entering the backend.
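
The behaviour described in the quoted reply, as an added example that is not part of the original thread and is not sr_language_menu code: a link builder that copies every request parameter except a denylist, next to one that copies only allowlisted, validated parameters. It is plain PHP with no TYPO3 APIs; the function names, the `page` parameter and the denylist entries are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not extension code.

/** Denylist: every request parameter not named in $removeParams ends up in the link. */
function linkWithDenylist(string $path, array $request, array $removeParams): string
{
    $kept = array_diff_key($request, array_flip($removeParams));
    return $path . ($kept ? '?' . http_build_query($kept, '', '&', PHP_QUERY_RFC3986) : '');
}

/** Allowlist: only parameters the site itself uses are copied, and only if they validate. */
function linkWithAllowlist(string $path, array $request, array $allowed): string
{
    $kept = [];
    foreach ($allowed as $name => $pattern) {
        // Reject missing values, array values (?page[]=x) and anything off-pattern.
        if (isset($request[$name]) && is_string($request[$name])
            && preg_match($pattern, $request[$name]) === 1) {
            $kept[$name] = $request[$name];
        }
    }
    return $path . ($kept ? '?' . http_build_query($kept, '', '&', PHP_QUERY_RFC3986) : '');
}

// Constructed request: one parameter the site uses (hypothetical "page") plus the
// two foreign parameters seen in the menu output above, with the value shortened.
$request = [
    'page'       => '2',
    'option'     => 'com_simpledownload',
    'controller' => '../../proc/self/environ',
];

// Constructed denylist entries; neither matches the foreign parameters,
// so both of them are carried into the generated link.
$denied = linkWithDenylist('en/index.html', $request, ['L', 'no_cache']);

// Only "page" is known to the site, and it must be a short decimal number.
$allowed = linkWithAllowlist('en/index.html', $request, ['page' => '/^\d{1,4}$/D']);

// HTML-escape at output time, whichever variant built the URL.
echo '<a href="' . htmlspecialchars($denied, ENT_QUOTES, 'UTF-8') . '">English</a>', "\n";
echo '<a href="' . htmlspecialchars($allowed, ENT_QUOTES, 'UTF-8') . '">English</a>', "\n";
```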