©атсн²² (in)sесuяitу

Because we're damned if we do, and we're damned if we don't!


TYPO3 Advisories (TYPO3-SA-2009-016)

Posted by ChrisJohnRiley on October 24, 2009

Some people may have noticed the addition of an “advisories” section to the blog over the last few days. Despite the fact I’m drugged up on painkillers and muscle relaxants, I managed to post up some information about the newest TYPO3 Security Advisories released in the past week.

Although the latest additions are basic XSS-type vulnerabilities, I thought it was worth adding some information to the text from the TYPO3 security team. Once I’m a little less dosed up, I’ll try and add some example XSS strings (purely for educational purposes). I’m a believer in responsible disclosure, but a part of that is obviously disclosing the vulnerability and how it can be tested. Without that, security practitioners end up with a list of possible exploits and no way to demonstrate this to their clients. I personally hate nothing more than having to write “vulnerable to unpublished exploit” in a report, and often see those kinds of vulns ignored or pushed to the back of the pile.
