TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
BID:51846
Info
TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
| Bugtraq ID: | 51846 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1077 CVE-2012-1087 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2012 12:00AM |
| Updated: | Feb 16 2012 05:50PM |
| Credit: | Georg Ringer |
| Vulnerable: |
Typo3 bc_post2facebook 0.2.1 |
| Not Vulnerable: |
Typo3 bc_post2facebook 0.2.2 |
Discussion
TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
'bc_post2facebook' is prone to an unspecified SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to bc_post2facebook 0.2.2 are vulnerable.
'bc_post2facebook' is prone to an unspecified SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to bc_post2facebook 0.2.2 are vulnerable.
Exploit / POC
TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
An attacker can exploit these issues through a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
An attacker can exploit these issues through a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
Solution:
Updates are available; please see the references for more information.
Solution:
Updates are available; please see the references for more information.
References
TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
References:
References: