TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities

Bugtraq ID:	52142
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Frank Nagler
Vulnerable:	Typo3 Crop and Square Thumbnails 1.2.4
Not Vulnerable:	Typo3 Crop and Square Thumbnails 1.2.5

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities

TYPO3 Crop and Square Thumbnails extension is prone to unspecified SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Crop and Square Thumbnail 1.2.4 and prior versions are vulnerable.

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities

An attacker can exploit the SQL-injection issue with a browser. To exploit a cross-site scripting issue the attacker must entice an unsuspecting victim to follow a malicious URI.

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities

Solution:
The vendor has released updates. Please see the references for details.

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities

References:

• Synnefoims Homepage (synnefoims)
  
• TYPO3 Security Bulletin TYPO3-EXT-SA-2012-003: Several vulnerabilities in third (TYPO3)