In-Reply-To: <20050303170830.16705.qmail@xxxxxxxxxxxxxxxxxxxxx>

Hello Fabian,

(repost because posting through GMANE appears not to work!)

> Two weeks ago I found a SQL Injection vulnerability in Typo3 (in the
> links-section/module/whatever you call it). I didn't really try to
> develop an exploit because I thought typo3 would directly react. But
> unfortunately that didn't happen :/
>
> So here is the url that "exploits" the vulnerability in a friendly way ;)

As far as I know, this information should not go to a public mailing list until the developers have had some time to fix that problem. Just think about the panic this will cause if you announce how to exploit that bug when there was no patch available since the maintainers of TYPO3 had not been warned before...!

Anyway, in this specific case it's not such a big problem because the bug must have been caused by a 3rd party plugin (=extension) to TYPO3. Since there are more than 1000 extensions in our repository you are kindly invited to contact me off this list to find out where it is caused and fix that problem.

With kind regards - michael