Bug #18889
Closed
url spamming (injection vulnerability?)
Description
Some time ago we had a strange attack on our typo3 web pages - in
some pages the links to subpages were modified. The address of some
unknown (spammer) web page was appended to the urls. E.g.
http://www.interlogic.se/index.php?id=3
became
We decided to upgrade Typo3 to 4.1.6 and that cured the problem for some
time. Now it seems these attacks are back. For instance, check the URL
above. Any idea what causes this? We can provide logs if necessary.
The following extensions are installed (loaded and running) on the site:
Versioning Management version 1.1.0
htmlArea RTE rtehtmlarea 1.5.5
xp-blue skin for htmlArea RTE sr_rtehtmlarea_xpblue 0.1.6
Frontend change password fechangepassword 1.0.2
New front end login box newloginbox 2.2.9
TYPO3 skin t3skin 0.1.0
We're using php 4.4.4
(issue imported from #M8579)
Updated by Susanne Moog over 16 years ago
Perhaps this could help: http://www.pi-phi.de/t3v4/23.html
Updated by Chris Bischoff over 16 years ago
I'm having the exact same problem & I'm using Typo3 4.2.0. Can you please give me those instructions in English? Thank you.
Updated by Marcus Krause over 16 years ago
RTFM, just have a look into TSref:
http://typo3.org/documentation/document-library/references/doc_core_tsref/4.1.0/view/7/3/
either you set
config.linkVars = L(int)
or specify a specific range
config.linkVars = L(1-9)
to make sure only valid parameters get cached
I'm pretty sure this solves your problem, right?
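A check for rendered or cached pages whose links carry a linkVars parameter value outside the constraint suggested in the comment above; this is an added example, not part of the original ticket and not TYPO3 code. The HTML sample and the spam.example address are constructed, and `value_allowed()` is a simplified model that covers only the `int` and numeric-range forms.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of rendered page links (not taken from the ticket).
SAMPLE_HTML = """
<a href="index.php?id=3&amp;L=1">Products</a>
<a href="index.php?id=4&amp;L=http://spam.example/">Contact</a>
<a href="index.php?id=5&amp;L=12">News</a>
<a href="index.php?id=6">Home</a>
"""

def value_allowed(value, constraint):
    """Simplified model of a linkVars value constraint: 'int' or 'a-b'."""
    if constraint == "int":
        return re.fullmatch(r"-?[0-9]+", value) is not None
    bounds = re.fullmatch(r"([0-9]+)-([0-9]+)", constraint)
    if bounds:
        if not re.fullmatch(r"[0-9]+", value):
            return False
        return int(bounds.group(1)) <= int(value) <= int(bounds.group(2))
    raise ValueError("unsupported constraint: %r" % constraint)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag (entities are already decoded)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def polluted_links(html, rules):
    """Return (href, name, value) for link parameters violating `rules`.

    `rules` maps a linkVars parameter name to its constraint,
    e.g. {"L": "int"} for config.linkVars = L(int).
    """
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        query = urlsplit(href).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in rules and not value_allowed(value, rules[name]):
                findings.append((href, name, value))
    return findings

if __name__ == "__main__":
    for finding in polluted_links(SAMPLE_HTML, {"L": "int"}):
        print("suspicious link:", finding)
```

Running it over pages fetched before and after the TypoScript change shows whether already-cached pages still contain polluted links and need the cache cleared.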
Updated by Chris Bischoff over 16 years ago
OK, thank you... I will see if the same thing happens again in time. Thanks again.
Updated by Marcus Krause over 16 years ago
As TSref provides a solution for this issue (see my comment), this ticket will be closed.