Metasploit mailing list archives

typo3 sa-2009-002 metasploit auxiliary

From: hdm at metasploit.com (H D Moore)
Date: Sat, 14 Mar 2009 21:35:06 -0500

On Sun, 2009-03-15 at 03:18 +0100, spinbad wrote:

Hi all

attached you will find a auxiliary module to exploit the vulnerablity
described in the typo3 security bulletin sa-2009-002.
Nothing fancy, just a ruby-port of the exploit from TK53
(http://www.milw0rm.com/exploits/8038)

Would be cool if someone puts it into the svn after some quality
control...


Thanks, it looks great! I reworded the description a bit so as not to
quote the original advisory verbatim. One thing that may be problematic:

error_uri = datastore['URI'] + "/index.php?jumpurl=" +datastore['RFILE']
+"&juSecure=1&type=0&locationData=1:"


The URI and/or RFILE may need to be URI encoded if certain paths are
accessed. Do you think this is an issue?

Module added as auxiliary/admin/http/typo3_sa_2009_002.rb

-HD

Current thread:

typo3 sa-2009-002 metasploit auxiliary spinbad (Mar 14)
- typo3 sa-2009-002 metasploit auxiliary H D Moore (Mar 14)
- adobe Nicolas Krassas (Mar 17)
  - adobe webDEViL (Mar 17)