[TYPO3-ttnews] Extra characters in URL ?L=/../..

Georg Ringer typo3 at ringerge.org
Wed Feb 16 19:47:12 CET 2011


Hi,

On 16.02.2011 18:33, Lily Wong wrote:
> http://www.mysite.com/video/?L=/../../../../../../../../../etc/passwd\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\0

Usually it is correct to ask the security team, but this is not a security
issue but a misconfiguration.

Set something like config.linkVars = L(int)
or = L(1-3)

Otherwise any parameter is cached.

Georg
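
A simplified model of the value constraints suggested in the reply above, added here as an example (it is not TYPO3's code and not part of the original message). The function names are hypothetical, only the `int` and `a-b` forms from the post are handled, and the sample URL is a shortened, constructed version of the quoted one.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: shortened form of the URL quoted in the thread.
SAMPLE = r"http://www.mysite.com/video/?L=/../../../etc/passwd\\\\0"

def parse_link_vars(spec):
    """Parse a linkVars-style string such as 'L(int), print' into
    {'L': 'int', 'print': None}; None means no value constraint."""
    rules = {}
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\w+)\s*(?:\(([^)]*)\))?\s*", item)
        if m:
            rules[m.group(1)] = m.group(2)
    return rules

def value_allowed(value, constraint):
    """Check one parameter value against its constraint."""
    if constraint is None:
        return True                      # bare 'L': any string passes
    if constraint == "int":
        return re.fullmatch(r"-?[0-9]+", value) is not None
    rng = re.fullmatch(r"([0-9]+)-([0-9]+)", constraint)
    if rng and re.fullmatch(r"[0-9]+", value):
        return int(rng.group(1)) <= int(value) <= int(rng.group(2))
    return False                         # non-numeric value or unknown form

def carried_params(url, spec):
    """Return the query parameters that pass the linkVars-style rules."""
    rules = parse_link_vars(spec)
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in query
            if k in rules and value_allowed(v, rules[k])}

if __name__ == "__main__":
    for spec in ("L", "L(int)", "L(1-3)"):
        print(f"{spec:8} -> {carried_params(SAMPLE, spec)}")
```

With a bare `L` the traversal string is accepted as a value for `L`; with either constrained form it is rejected, while ordinary values such as `L=2` still pass.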

