Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3 Advisories (TYPO3-SA-2009-016)

1 Comment Posted by on October 24, 2009

Some people may have noticed the addition of an “advisories” section to the blog over the last few days. Despite the fact I’m drugged up on painkillers and muscle relaxants, I managed to post up some information about the newest TYPO3 Security Advisories released in the past week.

Although the latest additions are basic XSS type vulnerabilities, I thought it was worth adding some information to the text from the TYPO3 security team. Once I’m a little less dosed up, I’ll try and add some example XSS strings (purely for educational purposes). I’m a believer in responsible disclosure, but a part of that is obviously disclosing the vulnerability and how it can be tested. Without that, security practitioners end up with a list of possible exploits and no way to demonstrate this to their clients. I personally hate nothing more than having to write “vulnerable to unpublished exploit” in a report, and often see those kind of vulns ignored or pushed to the back of the pile.

Security , ,

One response to “TYPO3 Advisories (TYPO3-SA-2009-016)

  1. Pingback: TYPO3 Advisories (TYPO3-SA-2009-016) Scripts Rss