[TYPO3-ttnews] Extra characters in URL ?L=/../..
Kay Strobach
typo3 at kay-strobach.de
Wed Feb 16 19:45:06 CET 2011
Hi,
seems to be a try to compromise your site.
Please check all your extensions and verify, that they are not
manipulated, that the function as expected.
Ask the security list to get more information.
Regards
Kay
Am 16.02.2011 18:33, schrieb Lily Wong:
> Hi tt_news list,
>
> I've come across a funny bug in one of my tt_news articles. On the
> front-end of this one particular article, all of the links on the
> article's page have extra characters appended to the end of the URL.
>
> For example, the link on the page should be:
> http://www.mysite.com/video/
> but instead it shows up as:
> http://www.mysite.com/video/?L=/../../../../../../../../../etc/passwd\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\0
>
>
> Has anyone else come across this situation? Could this be related to a
> configuration error in my RealURL extension?
>
> Thank you,
> Lily
>
> --
> lily.wong at utoronto.ca
>
--
http://www.kay-strobach.de - Open Source Rocks
More information about the TYPO3-project-tt-news
mailing list