exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection
Posted Sep 26, 2014
Authored by Hans-Martin Muench

Typo3 JobControl version 2.14.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Typo3 no longer provides updates for this extension and it is considered unsafe to use.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | fd26ba8328d734e82a7dea5f7dff200a5a1a0a8862c060bfd070948aa195c3db

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Change Mirror Download
Mogwai Security Advisory MSA-2014-02
Title:              JobControl (dmmjobcontrol) Multiple Vulnerabilities
Product:            dmmjobcontrol (Typo3 Extension)
Affected versions:  2.14.0
Impact:             high
Remote:             yes
Product link:       http://typo3.org/extensions/repository/view/dmmjobcontrol
Reported:           05/09/2014
by:                 Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench)

Vendor's Description of the Software:
JobControl (dmmjobcontrol) is a TYPO3 extension for showing jobs
("vacancies") on your website. It provides a list- and detail view and
the ability to search and apply for jobs. It can even make RSS feeds of
your joblist.

It works with html templates so it's easy to configure how the extension
will look for your site. The list can be shown as a "paginated list",
including a page-browser. The extension itself is multi-lingual, at this
moment English, Danish, Polish, German, Russian and Dutch are included.
The best feature however is that multi-lingual jobs are fully supported
too, so you can provide a translation for a job if you have a multi-lingual

JobControl uses MM-relation tables for regions, branches, sectors etc.
This means that for every new site, you can make a new list of branches to
use. They are not hardcoded and don't require any TypoScript to set up.

JobControl is very easy to set up, with good default templates that can
be styled to your needs using css stylesheets. It's very powerful and
flexible too with lots of configuration options for advanced users.

Business recommendation:
According to the Typo3 Security Team the extension maintainer does not
maintain the extension any longer and thus, is not providing an update.

Exploitation can be prevented with the workaround below. However, the
extension should be replaced with a maintained alternative.

Vulnerability description:
1) Unauthenticated Blind SQL Injection
dmmjobcontrol provides a search function for the job database. Several
input fields (for example education, region, sector) are used without
proper sanitization to create the SELECT statement of the search query.

2) Reflected Cross Site Scripting (XSS)
The value of the "keyword" parameter is used without any sanitization
to create the html response of the search request. This can be abused
to inject malicious HTML/JavaScript code into the HTML response.

Proof of concept:
1) Unauthenticated Blind SQL Injection
The following PoC shows blind based SQL injection on the sector parameter, other
parameters are also vulnerable

2) Reflected Cross Site Scripting (XSS)">

Vulnerable / tested versions:
dmmjobcontrol 2.14.0

Disclosure timeline:
05/09/2014: Reporting to the Typo3 Security team
05/09/2014: Response from Typo3 Security team that they received the mail
24/09/2014: Mail to Typo3 Security team, asking for the current status
25/09/2014: Response from Typo3 Security Team that they released an advisory[1]
25/09/2014: Release of public advisory

Workaround (use on your own responsiblity):
In the file:

To fix the Cross Site Scripting (XSS) vulnerability, replace line 112 with the
following PHP code:
$markerArray['###KEYWORD_VALUE###'] =
htmlspecialchars($session['search']['keyword'], ENT_QUOTES);

To fix the SQL Injection vulnerability, replace line 257 with the following
PHP code:
$whereAdd[] = $table.'.uid_local=tx_dmmjobcontrol_job.uid AND
('.$table.'.uid_foreign='.implode(' OR '.$table.'.uid_foreign=',

[1] TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl

Advisory URL:

Mogwai, IT-Sicherheitsberatung Muench
Steinhoevelstrasse 2/2
89075 Ulm (Germany)

Tel. +49 731 205 89 0
Fax +49 731 205 89 29

Login or Register to add favorites

File Archive:

October 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    0 Files
  • 2
    Oct 2nd
    22 Files
  • 3
    Oct 3rd
    19 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By