View Single Post
  #1   (View Single Post)  
Old 20th December 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default TYPO3 developers warn of critical hole

From http://h-online.com/-1397861

Quote:
The TYPO3 developer team has warned that a critical hole in the TYPO3 Content Management System (CMS) potentially allows attackers to compromise a server. Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion). The developers have been informed that attackers are already trying to intrude into users' servers on a large scale.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote