BID:39355

TYPO3 'autoloader' Remote File Include Vulnerability

Info

TYPO3 'autoloader' Remote File Include Vulnerability

Bugtraq ID:	39355
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 09 2010 12:00AM
Updated:	Apr 09 2010 12:00AM
Credit:	Christian Bülter and Bastian Heiser
Vulnerable:	Typo3 Typo3 4.3.2 Typo3 Typo3 4.3.1 Typo3 Typo3 4.3

Not Vulnerable:	Typo3 Typo3 4.3.3

Discussion

TYPO3 'autoloader' Remote File Include Vulnerability

TYPO3 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TYPO3 4.3 prior to 4.3.3 are vulnerable.

Exploit / POC

TYPO3 'autoloader' Remote File Include Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

TYPO3 'autoloader' Remote File Include Vulnerability

Solution:
Updates are available; please see the references for more information.

Typo3 Typo3 4.3

Typo3 13959.files.zip
http://typo3.org/fileadmin/security-team/bug13959/13959.files.zip

Typo3 13959_4-3_v4.diff
http://typo3.org/fileadmin/security-team/bug13959/13959_4-3_v4.diff

Typo3 Typo3 4.3.1

Typo3 13959.files.zip
http://typo3.org/fileadmin/security-team/bug13959/13959.files.zip

Typo3 13959_4-3_v4.diff
http://typo3.org/fileadmin/security-team/bug13959/13959_4-3_v4.diff

Typo3 Typo3 4.3.2

Typo3 13959.files.zip
http://typo3.org/fileadmin/security-team/bug13959/13959.files.zip

Typo3 13959_4-3_v4.diff
http://typo3.org/fileadmin/security-team/bug13959/13959_4-3_v4.diff

References

TYPO3 'autoloader' Remote File Include Vulnerability

References:

TYPO3 Homepage (TYPO3)
TYPO3-SA-2010-008: Remote Command Execution in TYPO3 Core (TYPO3)