SNS Vulnerability

TYPO3 "indexed_search" System Extension SQL Injection Vulnerability

Description

A vulnerability has been identified in TYPO3, which could be exploited by malicious users to conduct SQL injection attacks. This issue is caused by an input validation error in the "indexed_search" system extension when processing user-supplied data, which could be exploited by authenticated attackers to inject arbitrary SQL queries.

Vulnerable Products

Vulnerable Software:
TYPO3 versions 3.xTYPO3 versions 4.0 through 4.0.7TYPO3 versions 4.1 through 4.1.3

Solution

Upgrade to TYPO3 version 4.1.4 or 4.0.8 : http://typo3.org/download/packages/

CVE

CVE-2007-6381

References

http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0
SQL injection Prevention - GET : suspicious SQL statement in header	4.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2007-12-13

Target Type

Server

Possible exploit

Local & Remote