Greenpeace fixes SQL Injection

Since we think that the responsible usage of resources and the protection of nature are important facts, we sympathize with organizations like greenpeace. That’s why we had a look at greenpeace’s website.

Such organizations often use the medium “internet” to spread their news or to coordinate new events. Greenpeace had about 566,000 members in 2011. is based on the Typo3-CMS which is a solid cms. We could not find any security problems except one parameter which was vulnerable to a sql injection in the website of the location group in Dresden (Germany). The sql injection would have allowed an attacker to retrieve the contents of the (mysql) database.

We contacted the responsible person on the 13th of june 2012 and we’ve included a detailed explanation of the issue. One week later the security issue was resolved by the removal of the affected scripts, because they were “outdated”. We would like to thank for the fix and we would like to see a faster fix next time :)

The team of


Screenshot of an SQL injection vulnerability at greenpeace