[TYPO3-english] "com_simpledownload"??
Jigal van Hemert
jigal.van.hemert at typo3.org
Mon Feb 24 10:23:23 CET 2014
Hi,
On 23-2-2014 17:56, Axel Joensson wrote:
> i a productive T3 installation 4.5.32 with five languages, when randomly
> looking into the source code deliverred to the brwoser, I today
> discovered a strange line:
>
> index.html?option=com_simpledownload&controller=
>
> There followed almost countless slashes with a final 0. I have no idea
> were that "option" may come from, but googling for "com_simpledownload"
> I found something looking like exploit scripts written for Joomla some
> years ago.
>
> Emptying all cashes removed that "option" from the links, but I'd really
> like to know: How can that appear in my source code without having
> anything installed that is only close such a (possible) extension?
Perhaps you have options set in your configuration (or that of an
extension) to keep the existing URL parameters when generating a link.
If someone manually adds these parameters to test if the exploit with
com_simpledownload is available on your server, these links might end up
in the cache.
See 'addQueryString' [1].
[1]
http://docs.typo3.org/typo3cms/TyposcriptReference/Functions/Typolink/Index.html
--
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-english
mailing list