Bug #23554

closed

Admin Panel is susceptible to XSS

Added by Helmut Hummel about 14 years ago. Updated about 14 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: -
Target version: -
Start date: 2010-09-17
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Because it fails to escape GET parameter names, the admin panel is susceptible to XSS.

(issue imported from #M15733)


Files

15733_trunk.diff (1021 Bytes), Administrator Admin, 2010-09-17 16:22
rfc17533-branch42.diff (978 Bytes), Administrator Admin, 2010-09-29 18:07
rfc17533-branch43.diff (1.02 KB), Administrator Admin, 2010-09-29 18:08
rfc17533-branch44.diff (1021 Bytes), Administrator Admin, 2010-09-29 18:08

Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #23685: Adminpanel fails in 4.3.7 (Closed, Steffen Kamper, 2010-10-06)

#1

Updated by Helmut Hummel about 14 years ago

Prerequisites:
  • Admin Panel enabled (obvious)
  • Firefox (not Safari, not IE, as they have XSS protection built in)

Exploit Code:
http://typo3.host/?%22%3Cscript%3Ealert%28123%29%3C/script%3E
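As an added illustration (not the attached TYPO3 patches, which are not reproduced on this page), a small PHP sketch of the pattern the description names: a form that re-emits the request's GET parameters, first with only the values escaped and then with names and values both escaped. The hidden-field rendering is an assumed stand-in for the admin panel's own output, and the sample array is constructed from the decoded parameter name in the URL above.

```php
<?php
// Added example, not TYPO3 code. Re-emitting request parameters as hidden
// form fields; the hidden-field layout is an assumption, not the panel's HTML.

// Constructed sample: the URL above decodes to a parameter whose NAME is
// '"<script>alert(123)</script>' and whose value is empty.
$sampleGet = [
    '"<script>alert(123)</script>' => '',
    'id' => '1',
];

// Vulnerable pattern: the value is escaped, the name is trusted as-is.
// A quote in the name closes the attribute and the rest becomes markup.
function hiddenFieldsValueOnly(array $get): string
{
    $html = '';
    foreach ($get as $name => $value) {
        $html .= '<input type="hidden" name="' . $name
               . '" value="' . htmlspecialchars((string)$value, ENT_QUOTES) . '">' . "\n";
    }
    return $html;
}

// Hardened pattern: name and value are both attribute content, so both go
// through htmlspecialchars with ENT_QUOTES (escapes " ' < > &).
function hiddenFieldsEscaped(array $get): string
{
    $html = '';
    foreach ($get as $name => $value) {
        $html .= '<input type="hidden" name="' . htmlspecialchars((string)$name, ENT_QUOTES)
               . '" value="' . htmlspecialchars((string)$value, ENT_QUOTES) . '">' . "\n";
    }
    return $html;
}

// Regression check for a test suite: no script element may appear in the
// rendered fields, whatever the parameter names are.
function containsScriptElement(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo hiddenFieldsValueOnly($sampleGet);   // script element survives into the page
var_dump(containsScriptElement(hiddenFieldsValueOnly($sampleGet)));
echo hiddenFieldsEscaped($sampleGet);     // name stays inert attribute text
var_dump(containsScriptElement(hiddenFieldsEscaped($sampleGet)));
```

Running this with `php` shows the first rendering break out of the name attribute while the second keeps the same input as escaped text; the check function is the kind of assertion a unit test for the fix would carry.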

#2

Updated by Michael Stucki about 14 years ago

Patches "rfc17533-branch4x.diff" have been supplied by Steffen Ritter. The solution is the same as in 15733_trunk.diff, just ported so it applies fine on all versions. Steffen Ritter tested the patches and gives +1 for TYPO3_4-2, TYPO3_4-3, TYPO3_4-4 and Trunk.
