[TYPO3-caretaker] Insecure Extension problem
Marc Wöhlken
woehlken at quadracom.de
Tue Sep 27 17:43:47 CEST 2011
A related problem:

In the situation described in my previous post the caretaker fe plugin
"caretaker abstract" outputs unescaped html code which is interpreted by
the browser, e.g.

www.domain.tld Insecure Extensions
Command execution failed: Request Session Token failed:
- HTTP-URL: http://www.domain.tld/?eID=tx_caretakerinstance&rst=1
- HTTP-Status: 200
- HTTP-Response: PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

This results in a rather demolished output and could lead to XSS
problems when your TYPO3 site got hacked.

Regards
Marc
--
...........................................................
Marc Wöhlken TYPO3 certified integrator
Quadracom - Proffe & Wöhlken
Rembertistraße 32 WWW: http://www.quadracom.de
D-28203 Bremen E-Mail: woehlken at quadracom.de
______________ PGP-Key: http://pgp.quadracom.de
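
The problem reported above, as an added example that is not part of the original post and is not caretaker's own code: a test result message that embeds a remote HTTP response is rendered once as raw markup and once HTML-encoded. The function names, the length cap and the response body are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a response body from the monitored site that contains
// markup, copied into the result message the way the post shows.
$remoteBody = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">' . "\n"
    . '<html><body><script>document.title = "injected"</script></body></html>';

$message = "Command execution failed: Request Session Token failed:\n"
    . "- HTTP-URL: http://www.domain.tld/?eID=tx_caretakerinstance&rst=1\n"
    . "- HTTP-Status: 200\n"
    . "- HTTP-Response: " . $remoteBody;

/**
 * Behaviour described in the post (hypothetical reconstruction): the message
 * is placed into the page unchanged, so the browser parses the embedded tags.
 */
function renderMessageUnescaped(string $message): string
{
    return '<div class="message">' . nl2br($message) . '</div>';
}

/**
 * Hardened form (hypothetical helper): treat the whole message as untrusted
 * text, cap its length, and encode it for an HTML context before output.
 */
function renderMessageEscaped(string $message, int $maxBytes = 500): string
{
    if (strlen($message) > $maxBytes) {
        // A byte cut may split a multibyte character; ENT_SUBSTITUTE below
        // replaces the broken sequence instead of returning an empty string.
        $message = substr($message, 0, $maxBytes) . ' [truncated]';
    }
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // nl2br() runs after encoding, so the only tags in the output are the
    // <br /> elements and the wrapper added here.
    return '<div class="message">' . nl2br($encoded) . '</div>';
}

// Print both renderings so the difference in the generated HTML is visible.
echo "--- unescaped ---\n", renderMessageUnescaped($message), "\n\n";
echo "--- escaped ---\n", renderMessageEscaped($message), "\n";
```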