[TYPO3-core] RFC #12094: Bug: stdWrap function fullQuoteStr
Steffen Müller
typo3 at t3node.com
Thu Oct 1 19:06:03 CEST 2009
Hi.
On 01.10.2009 18:04 Dmitry Dulepov wrote:
> Hi!
>
> Martin Holtz wrote:
>> # SQL-Injection possible:
>
> If this is true, you should have not posted here but contacted TYPO3
> security team. If there is a vulnerability, you made it public and
> exploitable... :(
>
The problem is explained in one of my blog articles (with example TS):
http://www.t3node.com/blog/is-sql-injection-possible-in-typoscript-objects/
--
cheers,
Steffen
TYPO3 Blog: http://www.t3node.com/
Blubber on Twitter: http://twitter.com/t3node
More information about the TYPO3-team-core
mailing list