[TYPO3-core] RFC #12094: Bug: stdWrap function fullQuoteStr

Steffen Müller typo3 at t3node.com
Thu Oct 1 19:06:03 CEST 2009


Hi.

On 01.10.2009 18:04 Dmitry Dulepov wrote:
> Hi!
> 
> Martin Holtz wrote:
>> # SQL-Injection possible:
> 
> If this is true, you should have not posted here but contacted TYPO3
> security team. If there is a vulnerability, you made it public and
> exploitable... :(
> 

The problem is explained in one of my blog articles (with example TS):
http://www.t3node.com/blog/is-sql-injection-possible-in-typoscript-objects/


-- 
cheers,
Steffen

TYPO3 Blog: http://www.t3node.com/
Blubber on Twitter: http://twitter.com/t3node


More information about the TYPO3-team-core mailing list