[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] TYPO3-SA-2010-020, TYPO3-SA-2010-022 explained
From:       Luca Carettoni <luca.carettoni () ikkisoft ! com>
Date:       2010-12-30 19:37:49
Message-ID: 1293737869.5464.51.camel () muller
[Download RAW message or body]

Hello all,
As it's now fixed by the latest TYP03 security update (see
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/),
I've decided to briefly explain this interesting flaw.

An exploit and a demonstration video are also available here:
http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html

Please note that coincidentally Gregor Kopf has just disclosed the same
vulnerability (among other amazing bugs!) during his BerlinSides talk
(http://gregorkopf.de/slides_berlinsides_2010.pdf). He was originally
credited in the TYPO3-SA-2010-020 bulletin, whereas in the latest update
(TYPO3-SA-2010-022) we are both credited as I've been independently
working on the same issue. Well done @teh_gerg!
 
Cheers,
Luca


-- 
Luca Carettoni <luca.carettoni@ikkisoft.com>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]